1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * Implementation of the policy database. 4 * 5 * Author : Stephen Smalley, <sds@tycho.nsa.gov> 6 */ 7 8/* 9 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 10 * 11 * Support for enhanced MLS infrastructure. 12 * 13 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 14 * 15 * Added conditional policy language extensions 16 * 17 * Updated: Hewlett-Packard <paul@paul-moore.com> 18 * 19 * Added support for the policy capability bitmap 20 * 21 * Update: Mellanox Techonologies 22 * 23 * Added Infiniband support 24 * 25 * Copyright (C) 2016 Mellanox Techonologies 26 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 27 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 28 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 29 */ 30 31#include <linux/kernel.h> 32#include <linux/sched.h> 33#include <linux/slab.h> 34#include <linux/string.h> 35#include <linux/errno.h> 36#include <linux/audit.h> 37#include "security.h" 38 39#include "policydb.h" 40#include "conditional.h" 41#include "mls.h" 42#include "services.h" 43 44#define _DEBUG_HASHES 45 46#ifdef DEBUG_HASHES 47static const char *symtab_name[SYM_NUM] = { 48 "common prefixes", 49 "classes", 50 "roles", 51 "types", 52 "users", 53 "bools", 54 "levels", 55 "categories", 56}; 57#endif 58 59struct policydb_compat_info { 60 int version; 61 int sym_num; 62 int ocon_num; 63}; 64 65/* These need to be updated if SYM_NUM or OCON_NUM changes */ 66static struct policydb_compat_info policydb_compat[] = { 67 { 68 .version = POLICYDB_VERSION_BASE, 69 .sym_num = SYM_NUM - 3, 70 .ocon_num = OCON_NUM - 3, 71 }, 72 { 73 .version = POLICYDB_VERSION_BOOL, 74 .sym_num = SYM_NUM - 2, 75 .ocon_num = OCON_NUM - 3, 76 }, 77 { 78 .version = POLICYDB_VERSION_IPV6, 79 .sym_num = SYM_NUM - 2, 80 .ocon_num = OCON_NUM - 2, 81 }, 82 { 83 .version = POLICYDB_VERSION_NLCLASS, 84 .sym_num = SYM_NUM - 2, 85 .ocon_num = OCON_NUM - 2, 86 }, 87 { 88 .version = POLICYDB_VERSION_MLS, 89 .sym_num = SYM_NUM, 90 .ocon_num = OCON_NUM - 2, 91 }, 92 { 93 .version = POLICYDB_VERSION_AVTAB, 94 .sym_num = SYM_NUM, 95 .ocon_num = OCON_NUM - 2, 96 }, 97 { 98 .version = POLICYDB_VERSION_RANGETRANS, 99 .sym_num = SYM_NUM, 100 .ocon_num = OCON_NUM - 2, 101 }, 102 { 103 .version = POLICYDB_VERSION_POLCAP, 104 .sym_num = SYM_NUM, 105 .ocon_num = OCON_NUM - 2, 106 }, 107 { 108 .version = POLICYDB_VERSION_PERMISSIVE, 109 .sym_num = SYM_NUM, 110 .ocon_num = OCON_NUM - 2, 111 }, 112 { 113 .version = POLICYDB_VERSION_BOUNDARY, 114 .sym_num = SYM_NUM, 115 .ocon_num = OCON_NUM - 2, 116 }, 117 { 118 .version = POLICYDB_VERSION_FILENAME_TRANS, 119 .sym_num = SYM_NUM, 120 .ocon_num = OCON_NUM - 2, 121 }, 122 { 123 .version = POLICYDB_VERSION_ROLETRANS, 124 .sym_num = SYM_NUM, 125 .ocon_num = OCON_NUM - 2, 126 }, 127 { 128 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 129 .sym_num = SYM_NUM, 130 .ocon_num = OCON_NUM - 2, 131 }, 132 { 133 .version = POLICYDB_VERSION_DEFAULT_TYPE, 134 .sym_num = SYM_NUM, 135 .ocon_num = OCON_NUM - 2, 136 }, 137 { 138 .version = POLICYDB_VERSION_CONSTRAINT_NAMES, 139 .sym_num = SYM_NUM, 140 .ocon_num = OCON_NUM - 2, 141 }, 142 { 143 .version = POLICYDB_VERSION_XPERMS_IOCTL, 144 .sym_num = SYM_NUM, 145 .ocon_num = OCON_NUM - 2, 146 }, 147 { 148 .version = POLICYDB_VERSION_INFINIBAND, 149 .sym_num = SYM_NUM, 150 .ocon_num = OCON_NUM, 151 }, 152 { 153 .version = POLICYDB_VERSION_GLBLUB, 154 .sym_num = SYM_NUM, 155 .ocon_num = OCON_NUM, 156 }, 157 { 158 .version = POLICYDB_VERSION_COMP_FTRANS, 159 .sym_num = SYM_NUM, 160 .ocon_num = OCON_NUM, 161 }, 162}; 163 164static struct policydb_compat_info *policydb_lookup_compat(int version) 165{ 166 int i; 167 struct policydb_compat_info *info = NULL; 168 169 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { 170 if (policydb_compat[i].version == version) { 171 info = &policydb_compat[i]; 172 break; 173 } 174 } 175 return info; 176} 177 178/* 179 * The following *_destroy functions are used to 180 * free any memory allocated for each kind of 181 * symbol data in the policy database. 182 */ 183 184static int perm_destroy(void *key, void *datum, void *p) 185{ 186 kfree(key); 187 kfree(datum); 188 return 0; 189} 190 191static int common_destroy(void *key, void *datum, void *p) 192{ 193 struct common_datum *comdatum; 194 195 kfree(key); 196 if (datum) { 197 comdatum = datum; 198 hashtab_map(&comdatum->permissions.table, perm_destroy, NULL); 199 hashtab_destroy(&comdatum->permissions.table); 200 } 201 kfree(datum); 202 return 0; 203} 204 205static void constraint_expr_destroy(struct constraint_expr *expr) 206{ 207 if (expr) { 208 ebitmap_destroy(&expr->names); 209 if (expr->type_names) { 210 ebitmap_destroy(&expr->type_names->types); 211 ebitmap_destroy(&expr->type_names->negset); 212 kfree(expr->type_names); 213 } 214 kfree(expr); 215 } 216} 217 218static int cls_destroy(void *key, void *datum, void *p) 219{ 220 struct class_datum *cladatum; 221 struct constraint_node *constraint, *ctemp; 222 struct constraint_expr *e, *etmp; 223 224 kfree(key); 225 if (datum) { 226 cladatum = datum; 227 hashtab_map(&cladatum->permissions.table, perm_destroy, NULL); 228 hashtab_destroy(&cladatum->permissions.table); 229 constraint = cladatum->constraints; 230 while (constraint) { 231 e = constraint->expr; 232 while (e) { 233 etmp = e; 234 e = e->next; 235 constraint_expr_destroy(etmp); 236 } 237 ctemp = constraint; 238 constraint = constraint->next; 239 kfree(ctemp); 240 } 241 242 constraint = cladatum->validatetrans; 243 while (constraint) { 244 e = constraint->expr; 245 while (e) { 246 etmp = e; 247 e = e->next; 248 constraint_expr_destroy(etmp); 249 } 250 ctemp = constraint; 251 constraint = constraint->next; 252 kfree(ctemp); 253 } 254 kfree(cladatum->comkey); 255 } 256 kfree(datum); 257 return 0; 258} 259 260static int role_destroy(void *key, void *datum, void *p) 261{ 262 struct role_datum *role; 263 264 kfree(key); 265 if (datum) { 266 role = datum; 267 ebitmap_destroy(&role->dominates); 268 ebitmap_destroy(&role->types); 269 } 270 kfree(datum); 271 return 0; 272} 273 274static int type_destroy(void *key, void *datum, void *p) 275{ 276 kfree(key); 277 kfree(datum); 278 return 0; 279} 280 281static int user_destroy(void *key, void *datum, void *p) 282{ 283 struct user_datum *usrdatum; 284 285 kfree(key); 286 if (datum) { 287 usrdatum = datum; 288 ebitmap_destroy(&usrdatum->roles); 289 ebitmap_destroy(&usrdatum->range.level[0].cat); 290 ebitmap_destroy(&usrdatum->range.level[1].cat); 291 ebitmap_destroy(&usrdatum->dfltlevel.cat); 292 } 293 kfree(datum); 294 return 0; 295} 296 297static int sens_destroy(void *key, void *datum, void *p) 298{ 299 struct level_datum *levdatum; 300 301 kfree(key); 302 if (datum) { 303 levdatum = datum; 304 if (levdatum->level) 305 ebitmap_destroy(&levdatum->level->cat); 306 kfree(levdatum->level); 307 } 308 kfree(datum); 309 return 0; 310} 311 312static int cat_destroy(void *key, void *datum, void *p) 313{ 314 kfree(key); 315 kfree(datum); 316 return 0; 317} 318 319static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = 320{ 321 common_destroy, 322 cls_destroy, 323 role_destroy, 324 type_destroy, 325 user_destroy, 326 cond_destroy_bool, 327 sens_destroy, 328 cat_destroy, 329}; 330 331static int filenametr_destroy(void *key, void *datum, void *p) 332{ 333 struct filename_trans_key *ft = key; 334 struct filename_trans_datum *next, *d = datum; 335 336 kfree(ft->name); 337 kfree(key); 338 do { 339 ebitmap_destroy(&d->stypes); 340 next = d->next; 341 kfree(d); 342 d = next; 343 } while (unlikely(d)); 344 cond_resched(); 345 return 0; 346} 347 348static int range_tr_destroy(void *key, void *datum, void *p) 349{ 350 struct mls_range *rt = datum; 351 352 kfree(key); 353 ebitmap_destroy(&rt->level[0].cat); 354 ebitmap_destroy(&rt->level[1].cat); 355 kfree(datum); 356 cond_resched(); 357 return 0; 358} 359 360static int role_tr_destroy(void *key, void *datum, void *p) 361{ 362 kfree(key); 363 kfree(datum); 364 return 0; 365} 366 367static void ocontext_destroy(struct ocontext *c, int i) 368{ 369 if (!c) 370 return; 371 372 context_destroy(&c->context[0]); 373 context_destroy(&c->context[1]); 374 if (i == OCON_ISID || i == OCON_FS || 375 i == OCON_NETIF || i == OCON_FSUSE) 376 kfree(c->u.name); 377 kfree(c); 378} 379 380/* 381 * Initialize the role table. 382 */ 383static int roles_init(struct policydb *p) 384{ 385 char *key = NULL; 386 int rc; 387 struct role_datum *role; 388 389 role = kzalloc(sizeof(*role), GFP_KERNEL); 390 if (!role) 391 return -ENOMEM; 392 393 rc = -EINVAL; 394 role->value = ++p->p_roles.nprim; 395 if (role->value != OBJECT_R_VAL) 396 goto out; 397 398 rc = -ENOMEM; 399 key = kstrdup(OBJECT_R, GFP_KERNEL); 400 if (!key) 401 goto out; 402 403 rc = symtab_insert(&p->p_roles, key, role); 404 if (rc) 405 goto out; 406 407 return 0; 408out: 409 kfree(key); 410 kfree(role); 411 return rc; 412} 413 414static u32 filenametr_hash(const void *k) 415{ 416 const struct filename_trans_key *ft = k; 417 unsigned long hash; 418 unsigned int byte_num; 419 unsigned char focus; 420 421 hash = ft->ttype ^ ft->tclass; 422 423 byte_num = 0; 424 while ((focus = ft->name[byte_num++])) 425 hash = partial_name_hash(focus, hash); 426 return hash; 427} 428 429static int filenametr_cmp(const void *k1, const void *k2) 430{ 431 const struct filename_trans_key *ft1 = k1; 432 const struct filename_trans_key *ft2 = k2; 433 int v; 434 435 v = ft1->ttype - ft2->ttype; 436 if (v) 437 return v; 438 439 v = ft1->tclass - ft2->tclass; 440 if (v) 441 return v; 442 443 return strcmp(ft1->name, ft2->name); 444 445} 446 447static const struct hashtab_key_params filenametr_key_params = { 448 .hash = filenametr_hash, 449 .cmp = filenametr_cmp, 450}; 451 452struct filename_trans_datum *policydb_filenametr_search( 453 struct policydb *p, struct filename_trans_key *key) 454{ 455 return hashtab_search(&p->filename_trans, key, filenametr_key_params); 456} 457 458static u32 rangetr_hash(const void *k) 459{ 460 const struct range_trans *key = k; 461 462 return key->source_type + (key->target_type << 3) + 463 (key->target_class << 5); 464} 465 466static int rangetr_cmp(const void *k1, const void *k2) 467{ 468 const struct range_trans *key1 = k1, *key2 = k2; 469 int v; 470 471 v = key1->source_type - key2->source_type; 472 if (v) 473 return v; 474 475 v = key1->target_type - key2->target_type; 476 if (v) 477 return v; 478 479 v = key1->target_class - key2->target_class; 480 481 return v; 482} 483 484static const struct hashtab_key_params rangetr_key_params = { 485 .hash = rangetr_hash, 486 .cmp = rangetr_cmp, 487}; 488 489struct mls_range *policydb_rangetr_search(struct policydb *p, 490 struct range_trans *key) 491{ 492 return hashtab_search(&p->range_tr, key, rangetr_key_params); 493} 494 495static u32 role_trans_hash(const void *k) 496{ 497 const struct role_trans_key *key = k; 498 499 return key->role + (key->type << 3) + (key->tclass << 5); 500} 501 502static int role_trans_cmp(const void *k1, const void *k2) 503{ 504 const struct role_trans_key *key1 = k1, *key2 = k2; 505 int v; 506 507 v = key1->role - key2->role; 508 if (v) 509 return v; 510 511 v = key1->type - key2->type; 512 if (v) 513 return v; 514 515 return key1->tclass - key2->tclass; 516} 517 518static const struct hashtab_key_params roletr_key_params = { 519 .hash = role_trans_hash, 520 .cmp = role_trans_cmp, 521}; 522 523struct role_trans_datum *policydb_roletr_search(struct policydb *p, 524 struct role_trans_key *key) 525{ 526 return hashtab_search(&p->role_tr, key, roletr_key_params); 527} 528 529/* 530 * Initialize a policy database structure. 531 */ 532static void policydb_init(struct policydb *p) 533{ 534 memset(p, 0, sizeof(*p)); 535 536 avtab_init(&p->te_avtab); 537 cond_policydb_init(p); 538 539 ebitmap_init(&p->filename_trans_ttypes); 540 ebitmap_init(&p->policycaps); 541 ebitmap_init(&p->permissive_map); 542} 543 544/* 545 * The following *_index functions are used to 546 * define the val_to_name and val_to_struct arrays 547 * in a policy database structure. The val_to_name 548 * arrays are used when converting security context 549 * structures into string representations. The 550 * val_to_struct arrays are used when the attributes 551 * of a class, role, or user are needed. 552 */ 553 554static int common_index(void *key, void *datum, void *datap) 555{ 556 struct policydb *p; 557 struct common_datum *comdatum; 558 559 comdatum = datum; 560 p = datap; 561 if (!comdatum->value || comdatum->value > p->p_commons.nprim) 562 return -EINVAL; 563 564 p->sym_val_to_name[SYM_COMMONS][comdatum->value - 1] = key; 565 566 return 0; 567} 568 569static int class_index(void *key, void *datum, void *datap) 570{ 571 struct policydb *p; 572 struct class_datum *cladatum; 573 574 cladatum = datum; 575 p = datap; 576 if (!cladatum->value || cladatum->value > p->p_classes.nprim) 577 return -EINVAL; 578 579 p->sym_val_to_name[SYM_CLASSES][cladatum->value - 1] = key; 580 p->class_val_to_struct[cladatum->value - 1] = cladatum; 581 return 0; 582} 583 584static int role_index(void *key, void *datum, void *datap) 585{ 586 struct policydb *p; 587 struct role_datum *role; 588 589 role = datum; 590 p = datap; 591 if (!role->value 592 || role->value > p->p_roles.nprim 593 || role->bounds > p->p_roles.nprim) 594 return -EINVAL; 595 596 p->sym_val_to_name[SYM_ROLES][role->value - 1] = key; 597 p->role_val_to_struct[role->value - 1] = role; 598 return 0; 599} 600 601static int type_index(void *key, void *datum, void *datap) 602{ 603 struct policydb *p; 604 struct type_datum *typdatum; 605 606 typdatum = datum; 607 p = datap; 608 609 if (typdatum->primary) { 610 if (!typdatum->value 611 || typdatum->value > p->p_types.nprim 612 || typdatum->bounds > p->p_types.nprim) 613 return -EINVAL; 614 p->sym_val_to_name[SYM_TYPES][typdatum->value - 1] = key; 615 p->type_val_to_struct[typdatum->value - 1] = typdatum; 616 } 617 618 return 0; 619} 620 621static int user_index(void *key, void *datum, void *datap) 622{ 623 struct policydb *p; 624 struct user_datum *usrdatum; 625 626 usrdatum = datum; 627 p = datap; 628 if (!usrdatum->value 629 || usrdatum->value > p->p_users.nprim 630 || usrdatum->bounds > p->p_users.nprim) 631 return -EINVAL; 632 633 p->sym_val_to_name[SYM_USERS][usrdatum->value - 1] = key; 634 p->user_val_to_struct[usrdatum->value - 1] = usrdatum; 635 return 0; 636} 637 638static int sens_index(void *key, void *datum, void *datap) 639{ 640 struct policydb *p; 641 struct level_datum *levdatum; 642 643 levdatum = datum; 644 p = datap; 645 646 if (!levdatum->isalias) { 647 if (!levdatum->level->sens || 648 levdatum->level->sens > p->p_levels.nprim) 649 return -EINVAL; 650 651 p->sym_val_to_name[SYM_LEVELS][levdatum->level->sens - 1] = key; 652 } 653 654 return 0; 655} 656 657static int cat_index(void *key, void *datum, void *datap) 658{ 659 struct policydb *p; 660 struct cat_datum *catdatum; 661 662 catdatum = datum; 663 p = datap; 664 665 if (!catdatum->isalias) { 666 if (!catdatum->value || catdatum->value > p->p_cats.nprim) 667 return -EINVAL; 668 669 p->sym_val_to_name[SYM_CATS][catdatum->value - 1] = key; 670 } 671 672 return 0; 673} 674 675static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) = 676{ 677 common_index, 678 class_index, 679 role_index, 680 type_index, 681 user_index, 682 cond_index_bool, 683 sens_index, 684 cat_index, 685}; 686 687#ifdef DEBUG_HASHES 688static void hash_eval(struct hashtab *h, const char *hash_name) 689{ 690 struct hashtab_info info; 691 692 hashtab_stat(h, &info); 693 pr_debug("SELinux: %s: %d entries and %d/%d buckets used, longest chain length %d\n", 694 hash_name, h->nel, info.slots_used, h->size, 695 info.max_chain_len); 696} 697 698static void symtab_hash_eval(struct symtab *s) 699{ 700 int i; 701 702 for (i = 0; i < SYM_NUM; i++) 703 hash_eval(&s[i].table, symtab_name[i]); 704} 705 706#else 707static inline void hash_eval(struct hashtab *h, char *hash_name) 708{ 709} 710#endif 711 712/* 713 * Define the other val_to_name and val_to_struct arrays 714 * in a policy database structure. 715 * 716 * Caller must clean up on failure. 717 */ 718static int policydb_index(struct policydb *p) 719{ 720 int i, rc; 721 722 if (p->mls_enabled) 723 pr_debug("SELinux: %d users, %d roles, %d types, %d bools, %d sens, %d cats\n", 724 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 725 p->p_bools.nprim, p->p_levels.nprim, p->p_cats.nprim); 726 else 727 pr_debug("SELinux: %d users, %d roles, %d types, %d bools\n", 728 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 729 p->p_bools.nprim); 730 731 pr_debug("SELinux: %d classes, %d rules\n", 732 p->p_classes.nprim, p->te_avtab.nel); 733 734#ifdef DEBUG_HASHES 735 avtab_hash_eval(&p->te_avtab, "rules"); 736 symtab_hash_eval(p->symtab); 737#endif 738 739 p->class_val_to_struct = kcalloc(p->p_classes.nprim, 740 sizeof(*p->class_val_to_struct), 741 GFP_KERNEL); 742 if (!p->class_val_to_struct) 743 return -ENOMEM; 744 745 p->role_val_to_struct = kcalloc(p->p_roles.nprim, 746 sizeof(*p->role_val_to_struct), 747 GFP_KERNEL); 748 if (!p->role_val_to_struct) 749 return -ENOMEM; 750 751 p->user_val_to_struct = kcalloc(p->p_users.nprim, 752 sizeof(*p->user_val_to_struct), 753 GFP_KERNEL); 754 if (!p->user_val_to_struct) 755 return -ENOMEM; 756 757 p->type_val_to_struct = kvcalloc(p->p_types.nprim, 758 sizeof(*p->type_val_to_struct), 759 GFP_KERNEL); 760 if (!p->type_val_to_struct) 761 return -ENOMEM; 762 763 rc = cond_init_bool_indexes(p); 764 if (rc) 765 goto out; 766 767 for (i = 0; i < SYM_NUM; i++) { 768 p->sym_val_to_name[i] = kvcalloc(p->symtab[i].nprim, 769 sizeof(char *), 770 GFP_KERNEL); 771 if (!p->sym_val_to_name[i]) 772 return -ENOMEM; 773 774 rc = hashtab_map(&p->symtab[i].table, index_f[i], p); 775 if (rc) 776 goto out; 777 } 778 rc = 0; 779out: 780 return rc; 781} 782 783/* 784 * Free any memory allocated by a policy database structure. 785 */ 786void policydb_destroy(struct policydb *p) 787{ 788 struct ocontext *c, *ctmp; 789 struct genfs *g, *gtmp; 790 int i; 791 struct role_allow *ra, *lra = NULL; 792 793 for (i = 0; i < SYM_NUM; i++) { 794 cond_resched(); 795 hashtab_map(&p->symtab[i].table, destroy_f[i], NULL); 796 hashtab_destroy(&p->symtab[i].table); 797 } 798 799 for (i = 0; i < SYM_NUM; i++) 800 kvfree(p->sym_val_to_name[i]); 801 802 kfree(p->class_val_to_struct); 803 kfree(p->role_val_to_struct); 804 kfree(p->user_val_to_struct); 805 kvfree(p->type_val_to_struct); 806 807 avtab_destroy(&p->te_avtab); 808 809 for (i = 0; i < OCON_NUM; i++) { 810 cond_resched(); 811 c = p->ocontexts[i]; 812 while (c) { 813 ctmp = c; 814 c = c->next; 815 ocontext_destroy(ctmp, i); 816 } 817 p->ocontexts[i] = NULL; 818 } 819 820 g = p->genfs; 821 while (g) { 822 cond_resched(); 823 kfree(g->fstype); 824 c = g->head; 825 while (c) { 826 ctmp = c; 827 c = c->next; 828 ocontext_destroy(ctmp, OCON_FSUSE); 829 } 830 gtmp = g; 831 g = g->next; 832 kfree(gtmp); 833 } 834 p->genfs = NULL; 835 836 cond_policydb_destroy(p); 837 838 hashtab_map(&p->role_tr, role_tr_destroy, NULL); 839 hashtab_destroy(&p->role_tr); 840 841 for (ra = p->role_allow; ra; ra = ra->next) { 842 cond_resched(); 843 kfree(lra); 844 lra = ra; 845 } 846 kfree(lra); 847 848 hashtab_map(&p->filename_trans, filenametr_destroy, NULL); 849 hashtab_destroy(&p->filename_trans); 850 851 hashtab_map(&p->range_tr, range_tr_destroy, NULL); 852 hashtab_destroy(&p->range_tr); 853 854 if (p->type_attr_map_array) { 855 for (i = 0; i < p->p_types.nprim; i++) 856 ebitmap_destroy(&p->type_attr_map_array[i]); 857 kvfree(p->type_attr_map_array); 858 } 859 860 ebitmap_destroy(&p->filename_trans_ttypes); 861 ebitmap_destroy(&p->policycaps); 862 ebitmap_destroy(&p->permissive_map); 863} 864 865/* 866 * Load the initial SIDs specified in a policy database 867 * structure into a SID table. 868 */ 869int policydb_load_isids(struct policydb *p, struct sidtab *s) 870{ 871 struct ocontext *head, *c; 872 int rc; 873 874 rc = sidtab_init(s); 875 if (rc) { 876 pr_err("SELinux: out of memory on SID table init\n"); 877 return rc; 878 } 879 880 head = p->ocontexts[OCON_ISID]; 881 for (c = head; c; c = c->next) { 882 u32 sid = c->sid[0]; 883 const char *name = security_get_initial_sid_context(sid); 884 885 if (sid == SECSID_NULL) { 886 pr_err("SELinux: SID 0 was assigned a context.\n"); 887 sidtab_destroy(s); 888 return -EINVAL; 889 } 890 891 /* Ignore initial SIDs unused by this kernel. */ 892 if (!name) 893 continue; 894 895 rc = sidtab_set_initial(s, sid, &c->context[0]); 896 if (rc) { 897 pr_err("SELinux: unable to load initial SID %s.\n", 898 name); 899 sidtab_destroy(s); 900 return rc; 901 } 902 } 903 return 0; 904} 905 906int policydb_class_isvalid(struct policydb *p, unsigned int class) 907{ 908 if (!class || class > p->p_classes.nprim) 909 return 0; 910 return 1; 911} 912 913int policydb_role_isvalid(struct policydb *p, unsigned int role) 914{ 915 if (!role || role > p->p_roles.nprim) 916 return 0; 917 return 1; 918} 919 920int policydb_type_isvalid(struct policydb *p, unsigned int type) 921{ 922 if (!type || type > p->p_types.nprim) 923 return 0; 924 return 1; 925} 926 927/* 928 * Return 1 if the fields in the security context 929 * structure `c' are valid. Return 0 otherwise. 930 */ 931int policydb_context_isvalid(struct policydb *p, struct context *c) 932{ 933 struct role_datum *role; 934 struct user_datum *usrdatum; 935 936 if (!c->role || c->role > p->p_roles.nprim) 937 return 0; 938 939 if (!c->user || c->user > p->p_users.nprim) 940 return 0; 941 942 if (!c->type || c->type > p->p_types.nprim) 943 return 0; 944 945 if (c->role != OBJECT_R_VAL) { 946 /* 947 * Role must be authorized for the type. 948 */ 949 role = p->role_val_to_struct[c->role - 1]; 950 if (!role || !ebitmap_get_bit(&role->types, c->type - 1)) 951 /* role may not be associated with type */ 952 return 0; 953 954 /* 955 * User must be authorized for the role. 956 */ 957 usrdatum = p->user_val_to_struct[c->user - 1]; 958 if (!usrdatum) 959 return 0; 960 961 if (!ebitmap_get_bit(&usrdatum->roles, c->role - 1)) 962 /* user may not be associated with role */ 963 return 0; 964 } 965 966 if (!mls_context_isvalid(p, c)) 967 return 0; 968 969 return 1; 970} 971 972/* 973 * Read a MLS range structure from a policydb binary 974 * representation file. 975 */ 976static int mls_read_range_helper(struct mls_range *r, void *fp) 977{ 978 __le32 buf[2]; 979 u32 items; 980 int rc; 981 982 rc = next_entry(buf, fp, sizeof(u32)); 983 if (rc) 984 goto out; 985 986 rc = -EINVAL; 987 items = le32_to_cpu(buf[0]); 988 if (items > ARRAY_SIZE(buf)) { 989 pr_err("SELinux: mls: range overflow\n"); 990 goto out; 991 } 992 993 rc = next_entry(buf, fp, sizeof(u32) * items); 994 if (rc) { 995 pr_err("SELinux: mls: truncated range\n"); 996 goto out; 997 } 998 999 r->level[0].sens = le32_to_cpu(buf[0]); 1000 if (items > 1) 1001 r->level[1].sens = le32_to_cpu(buf[1]); 1002 else 1003 r->level[1].sens = r->level[0].sens; 1004 1005 rc = ebitmap_read(&r->level[0].cat, fp); 1006 if (rc) { 1007 pr_err("SELinux: mls: error reading low categories\n"); 1008 goto out; 1009 } 1010 if (items > 1) { 1011 rc = ebitmap_read(&r->level[1].cat, fp); 1012 if (rc) { 1013 pr_err("SELinux: mls: error reading high categories\n"); 1014 goto bad_high; 1015 } 1016 } else { 1017 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 1018 if (rc) { 1019 pr_err("SELinux: mls: out of memory\n"); 1020 goto bad_high; 1021 } 1022 } 1023 1024 return 0; 1025bad_high: 1026 ebitmap_destroy(&r->level[0].cat); 1027out: 1028 return rc; 1029} 1030 1031/* 1032 * Read and validate a security context structure 1033 * from a policydb binary representation file. 1034 */ 1035static int context_read_and_validate(struct context *c, 1036 struct policydb *p, 1037 void *fp) 1038{ 1039 __le32 buf[3]; 1040 int rc; 1041 1042 rc = next_entry(buf, fp, sizeof buf); 1043 if (rc) { 1044 pr_err("SELinux: context truncated\n"); 1045 goto out; 1046 } 1047 c->user = le32_to_cpu(buf[0]); 1048 c->role = le32_to_cpu(buf[1]); 1049 c->type = le32_to_cpu(buf[2]); 1050 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1051 rc = mls_read_range_helper(&c->range, fp); 1052 if (rc) { 1053 pr_err("SELinux: error reading MLS range of context\n"); 1054 goto out; 1055 } 1056 } 1057 1058 rc = -EINVAL; 1059 if (!policydb_context_isvalid(p, c)) { 1060 pr_err("SELinux: invalid security context\n"); 1061 context_destroy(c); 1062 goto out; 1063 } 1064 rc = 0; 1065out: 1066 return rc; 1067} 1068 1069/* 1070 * The following *_read functions are used to 1071 * read the symbol data from a policy database 1072 * binary representation file. 1073 */ 1074 1075static int str_read(char **strp, gfp_t flags, void *fp, u32 len) 1076{ 1077 int rc; 1078 char *str; 1079 1080 if ((len == 0) || (len == (u32)-1)) 1081 return -EINVAL; 1082 1083 str = kmalloc(len + 1, flags | __GFP_NOWARN); 1084 if (!str) 1085 return -ENOMEM; 1086 1087 rc = next_entry(str, fp, len); 1088 if (rc) { 1089 kfree(str); 1090 return rc; 1091 } 1092 1093 str[len] = '\0'; 1094 *strp = str; 1095 return 0; 1096} 1097 1098static int perm_read(struct policydb *p, struct symtab *s, void *fp) 1099{ 1100 char *key = NULL; 1101 struct perm_datum *perdatum; 1102 int rc; 1103 __le32 buf[2]; 1104 u32 len; 1105 1106 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); 1107 if (!perdatum) 1108 return -ENOMEM; 1109 1110 rc = next_entry(buf, fp, sizeof buf); 1111 if (rc) 1112 goto bad; 1113 1114 len = le32_to_cpu(buf[0]); 1115 perdatum->value = le32_to_cpu(buf[1]); 1116 1117 rc = str_read(&key, GFP_KERNEL, fp, len); 1118 if (rc) 1119 goto bad; 1120 1121 rc = symtab_insert(s, key, perdatum); 1122 if (rc) 1123 goto bad; 1124 1125 return 0; 1126bad: 1127 perm_destroy(key, perdatum, NULL); 1128 return rc; 1129} 1130 1131static int common_read(struct policydb *p, struct symtab *s, void *fp) 1132{ 1133 char *key = NULL; 1134 struct common_datum *comdatum; 1135 __le32 buf[4]; 1136 u32 len, nel; 1137 int i, rc; 1138 1139 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); 1140 if (!comdatum) 1141 return -ENOMEM; 1142 1143 rc = next_entry(buf, fp, sizeof buf); 1144 if (rc) 1145 goto bad; 1146 1147 len = le32_to_cpu(buf[0]); 1148 comdatum->value = le32_to_cpu(buf[1]); 1149 nel = le32_to_cpu(buf[3]); 1150 1151 rc = symtab_init(&comdatum->permissions, nel); 1152 if (rc) 1153 goto bad; 1154 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 1155 1156 rc = str_read(&key, GFP_KERNEL, fp, len); 1157 if (rc) 1158 goto bad; 1159 1160 for (i = 0; i < nel; i++) { 1161 rc = perm_read(p, &comdatum->permissions, fp); 1162 if (rc) 1163 goto bad; 1164 } 1165 1166 rc = symtab_insert(s, key, comdatum); 1167 if (rc) 1168 goto bad; 1169 return 0; 1170bad: 1171 common_destroy(key, comdatum, NULL); 1172 return rc; 1173} 1174 1175static void type_set_init(struct type_set *t) 1176{ 1177 ebitmap_init(&t->types); 1178 ebitmap_init(&t->negset); 1179} 1180 1181static int type_set_read(struct type_set *t, void *fp) 1182{ 1183 __le32 buf[1]; 1184 int rc; 1185 1186 if (ebitmap_read(&t->types, fp)) 1187 return -EINVAL; 1188 if (ebitmap_read(&t->negset, fp)) 1189 return -EINVAL; 1190 1191 rc = next_entry(buf, fp, sizeof(u32)); 1192 if (rc < 0) 1193 return -EINVAL; 1194 t->flags = le32_to_cpu(buf[0]); 1195 1196 return 0; 1197} 1198 1199 1200static int read_cons_helper(struct policydb *p, 1201 struct constraint_node **nodep, 1202 int ncons, int allowxtarget, void *fp) 1203{ 1204 struct constraint_node *c, *lc; 1205 struct constraint_expr *e, *le; 1206 __le32 buf[3]; 1207 u32 nexpr; 1208 int rc, i, j, depth; 1209 1210 lc = NULL; 1211 for (i = 0; i < ncons; i++) { 1212 c = kzalloc(sizeof(*c), GFP_KERNEL); 1213 if (!c) 1214 return -ENOMEM; 1215 1216 if (lc) 1217 lc->next = c; 1218 else 1219 *nodep = c; 1220 1221 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1222 if (rc) 1223 return rc; 1224 c->permissions = le32_to_cpu(buf[0]); 1225 nexpr = le32_to_cpu(buf[1]); 1226 le = NULL; 1227 depth = -1; 1228 for (j = 0; j < nexpr; j++) { 1229 e = kzalloc(sizeof(*e), GFP_KERNEL); 1230 if (!e) 1231 return -ENOMEM; 1232 1233 if (le) 1234 le->next = e; 1235 else 1236 c->expr = e; 1237 1238 rc = next_entry(buf, fp, (sizeof(u32) * 3)); 1239 if (rc) 1240 return rc; 1241 e->expr_type = le32_to_cpu(buf[0]); 1242 e->attr = le32_to_cpu(buf[1]); 1243 e->op = le32_to_cpu(buf[2]); 1244 1245 switch (e->expr_type) { 1246 case CEXPR_NOT: 1247 if (depth < 0) 1248 return -EINVAL; 1249 break; 1250 case CEXPR_AND: 1251 case CEXPR_OR: 1252 if (depth < 1) 1253 return -EINVAL; 1254 depth--; 1255 break; 1256 case CEXPR_ATTR: 1257 if (depth == (CEXPR_MAXDEPTH - 1)) 1258 return -EINVAL; 1259 depth++; 1260 break; 1261 case CEXPR_NAMES: 1262 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 1263 return -EINVAL; 1264 if (depth == (CEXPR_MAXDEPTH - 1)) 1265 return -EINVAL; 1266 depth++; 1267 rc = ebitmap_read(&e->names, fp); 1268 if (rc) 1269 return rc; 1270 if (p->policyvers >= 1271 POLICYDB_VERSION_CONSTRAINT_NAMES) { 1272 e->type_names = kzalloc(sizeof 1273 (*e->type_names), GFP_KERNEL); 1274 if (!e->type_names) 1275 return -ENOMEM; 1276 type_set_init(e->type_names); 1277 rc = type_set_read(e->type_names, fp); 1278 if (rc) 1279 return rc; 1280 } 1281 break; 1282 default: 1283 return -EINVAL; 1284 } 1285 le = e; 1286 } 1287 if (depth != 0) 1288 return -EINVAL; 1289 lc = c; 1290 } 1291 1292 return 0; 1293} 1294 1295static int class_read(struct policydb *p, struct symtab *s, void *fp) 1296{ 1297 char *key = NULL; 1298 struct class_datum *cladatum; 1299 __le32 buf[6]; 1300 u32 len, len2, ncons, nel; 1301 int i, rc; 1302 1303 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); 1304 if (!cladatum) 1305 return -ENOMEM; 1306 1307 rc = next_entry(buf, fp, sizeof(u32)*6); 1308 if (rc) 1309 goto bad; 1310 1311 len = le32_to_cpu(buf[0]); 1312 len2 = le32_to_cpu(buf[1]); 1313 cladatum->value = le32_to_cpu(buf[2]); 1314 nel = le32_to_cpu(buf[4]); 1315 1316 rc = symtab_init(&cladatum->permissions, nel); 1317 if (rc) 1318 goto bad; 1319 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 1320 1321 ncons = le32_to_cpu(buf[5]); 1322 1323 rc = str_read(&key, GFP_KERNEL, fp, len); 1324 if (rc) 1325 goto bad; 1326 1327 if (len2) { 1328 rc = str_read(&cladatum->comkey, GFP_KERNEL, fp, len2); 1329 if (rc) 1330 goto bad; 1331 1332 rc = -EINVAL; 1333 cladatum->comdatum = symtab_search(&p->p_commons, 1334 cladatum->comkey); 1335 if (!cladatum->comdatum) { 1336 pr_err("SELinux: unknown common %s\n", 1337 cladatum->comkey); 1338 goto bad; 1339 } 1340 } 1341 for (i = 0; i < nel; i++) { 1342 rc = perm_read(p, &cladatum->permissions, fp); 1343 if (rc) 1344 goto bad; 1345 } 1346 1347 rc = read_cons_helper(p, &cladatum->constraints, ncons, 0, fp); 1348 if (rc) 1349 goto bad; 1350 1351 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) { 1352 /* grab the validatetrans rules */ 1353 rc = next_entry(buf, fp, sizeof(u32)); 1354 if (rc) 1355 goto bad; 1356 ncons = le32_to_cpu(buf[0]); 1357 rc = read_cons_helper(p, &cladatum->validatetrans, 1358 ncons, 1, fp); 1359 if (rc) 1360 goto bad; 1361 } 1362 1363 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 1364 rc = next_entry(buf, fp, sizeof(u32) * 3); 1365 if (rc) 1366 goto bad; 1367 1368 cladatum->default_user = le32_to_cpu(buf[0]); 1369 cladatum->default_role = le32_to_cpu(buf[1]); 1370 cladatum->default_range = le32_to_cpu(buf[2]); 1371 } 1372 1373 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 1374 rc = next_entry(buf, fp, sizeof(u32) * 1); 1375 if (rc) 1376 goto bad; 1377 cladatum->default_type = le32_to_cpu(buf[0]); 1378 } 1379 1380 rc = symtab_insert(s, key, cladatum); 1381 if (rc) 1382 goto bad; 1383 1384 return 0; 1385bad: 1386 cls_destroy(key, cladatum, NULL); 1387 return rc; 1388} 1389 1390static int role_read(struct policydb *p, struct symtab *s, void *fp) 1391{ 1392 char *key = NULL; 1393 struct role_datum *role; 1394 int rc, to_read = 2; 1395 __le32 buf[3]; 1396 u32 len; 1397 1398 role = kzalloc(sizeof(*role), GFP_KERNEL); 1399 if (!role) 1400 return -ENOMEM; 1401 1402 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1403 to_read = 3; 1404 1405 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1406 if (rc) 1407 goto bad; 1408 1409 len = le32_to_cpu(buf[0]); 1410 role->value = le32_to_cpu(buf[1]); 1411 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1412 role->bounds = le32_to_cpu(buf[2]); 1413 1414 rc = str_read(&key, GFP_KERNEL, fp, len); 1415 if (rc) 1416 goto bad; 1417 1418 rc = ebitmap_read(&role->dominates, fp); 1419 if (rc) 1420 goto bad; 1421 1422 rc = ebitmap_read(&role->types, fp); 1423 if (rc) 1424 goto bad; 1425 1426 if (strcmp(key, OBJECT_R) == 0) { 1427 rc = -EINVAL; 1428 if (role->value != OBJECT_R_VAL) { 1429 pr_err("SELinux: Role %s has wrong value %d\n", 1430 OBJECT_R, role->value); 1431 goto bad; 1432 } 1433 rc = 0; 1434 goto bad; 1435 } 1436 1437 rc = symtab_insert(s, key, role); 1438 if (rc) 1439 goto bad; 1440 return 0; 1441bad: 1442 role_destroy(key, role, NULL); 1443 return rc; 1444} 1445 1446static int type_read(struct policydb *p, struct symtab *s, void *fp) 1447{ 1448 char *key = NULL; 1449 struct type_datum *typdatum; 1450 int rc, to_read = 3; 1451 __le32 buf[4]; 1452 u32 len; 1453 1454 typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL); 1455 if (!typdatum) 1456 return -ENOMEM; 1457 1458 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1459 to_read = 4; 1460 1461 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1462 if (rc) 1463 goto bad; 1464 1465 len = le32_to_cpu(buf[0]); 1466 typdatum->value = le32_to_cpu(buf[1]); 1467 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 1468 u32 prop = le32_to_cpu(buf[2]); 1469 1470 if (prop & TYPEDATUM_PROPERTY_PRIMARY) 1471 typdatum->primary = 1; 1472 if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE) 1473 typdatum->attribute = 1; 1474 1475 typdatum->bounds = le32_to_cpu(buf[3]); 1476 } else { 1477 typdatum->primary = le32_to_cpu(buf[2]); 1478 } 1479 1480 rc = str_read(&key, GFP_KERNEL, fp, len); 1481 if (rc) 1482 goto bad; 1483 1484 rc = symtab_insert(s, key, typdatum); 1485 if (rc) 1486 goto bad; 1487 return 0; 1488bad: 1489 type_destroy(key, typdatum, NULL); 1490 return rc; 1491} 1492 1493 1494/* 1495 * Read a MLS level structure from a policydb binary 1496 * representation file. 1497 */ 1498static int mls_read_level(struct mls_level *lp, void *fp) 1499{ 1500 __le32 buf[1]; 1501 int rc; 1502 1503 memset(lp, 0, sizeof(*lp)); 1504 1505 rc = next_entry(buf, fp, sizeof buf); 1506 if (rc) { 1507 pr_err("SELinux: mls: truncated level\n"); 1508 return rc; 1509 } 1510 lp->sens = le32_to_cpu(buf[0]); 1511 1512 rc = ebitmap_read(&lp->cat, fp); 1513 if (rc) { 1514 pr_err("SELinux: mls: error reading level categories\n"); 1515 return rc; 1516 } 1517 return 0; 1518} 1519 1520static int user_read(struct policydb *p, struct symtab *s, void *fp) 1521{ 1522 char *key = NULL; 1523 struct user_datum *usrdatum; 1524 int rc, to_read = 2; 1525 __le32 buf[3]; 1526 u32 len; 1527 1528 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); 1529 if (!usrdatum) 1530 return -ENOMEM; 1531 1532 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1533 to_read = 3; 1534 1535 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1536 if (rc) 1537 goto bad; 1538 1539 len = le32_to_cpu(buf[0]); 1540 usrdatum->value = le32_to_cpu(buf[1]); 1541 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1542 usrdatum->bounds = le32_to_cpu(buf[2]); 1543 1544 rc = str_read(&key, GFP_KERNEL, fp, len); 1545 if (rc) 1546 goto bad; 1547 1548 rc = ebitmap_read(&usrdatum->roles, fp); 1549 if (rc) 1550 goto bad; 1551 1552 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1553 rc = mls_read_range_helper(&usrdatum->range, fp); 1554 if (rc) 1555 goto bad; 1556 rc = mls_read_level(&usrdatum->dfltlevel, fp); 1557 if (rc) 1558 goto bad; 1559 } 1560 1561 rc = symtab_insert(s, key, usrdatum); 1562 if (rc) 1563 goto bad; 1564 return 0; 1565bad: 1566 user_destroy(key, usrdatum, NULL); 1567 return rc; 1568} 1569 1570static int sens_read(struct policydb *p, struct symtab *s, void *fp) 1571{ 1572 char *key = NULL; 1573 struct level_datum *levdatum; 1574 int rc; 1575 __le32 buf[2]; 1576 u32 len; 1577 1578 levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC); 1579 if (!levdatum) 1580 return -ENOMEM; 1581 1582 rc = next_entry(buf, fp, sizeof buf); 1583 if (rc) 1584 goto bad; 1585 1586 len = le32_to_cpu(buf[0]); 1587 levdatum->isalias = le32_to_cpu(buf[1]); 1588 1589 rc = str_read(&key, GFP_ATOMIC, fp, len); 1590 if (rc) 1591 goto bad; 1592 1593 rc = -ENOMEM; 1594 levdatum->level = kmalloc(sizeof(*levdatum->level), GFP_ATOMIC); 1595 if (!levdatum->level) 1596 goto bad; 1597 1598 rc = mls_read_level(levdatum->level, fp); 1599 if (rc) 1600 goto bad; 1601 1602 rc = symtab_insert(s, key, levdatum); 1603 if (rc) 1604 goto bad; 1605 return 0; 1606bad: 1607 sens_destroy(key, levdatum, NULL); 1608 return rc; 1609} 1610 1611static int cat_read(struct policydb *p, struct symtab *s, void *fp) 1612{ 1613 char *key = NULL; 1614 struct cat_datum *catdatum; 1615 int rc; 1616 __le32 buf[3]; 1617 u32 len; 1618 1619 catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC); 1620 if (!catdatum) 1621 return -ENOMEM; 1622 1623 rc = next_entry(buf, fp, sizeof buf); 1624 if (rc) 1625 goto bad; 1626 1627 len = le32_to_cpu(buf[0]); 1628 catdatum->value = le32_to_cpu(buf[1]); 1629 catdatum->isalias = le32_to_cpu(buf[2]); 1630 1631 rc = str_read(&key, GFP_ATOMIC, fp, len); 1632 if (rc) 1633 goto bad; 1634 1635 rc = symtab_insert(s, key, catdatum); 1636 if (rc) 1637 goto bad; 1638 return 0; 1639bad: 1640 cat_destroy(key, catdatum, NULL); 1641 return rc; 1642} 1643 1644static int (*read_f[SYM_NUM]) (struct policydb *p, struct symtab *s, void *fp) = 1645{ 1646 common_read, 1647 class_read, 1648 role_read, 1649 type_read, 1650 user_read, 1651 cond_read_bool, 1652 sens_read, 1653 cat_read, 1654}; 1655 1656static int user_bounds_sanity_check(void *key, void *datum, void *datap) 1657{ 1658 struct user_datum *upper, *user; 1659 struct policydb *p = datap; 1660 int depth = 0; 1661 1662 upper = user = datum; 1663 while (upper->bounds) { 1664 struct ebitmap_node *node; 1665 unsigned long bit; 1666 1667 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1668 pr_err("SELinux: user %s: " 1669 "too deep or looped boundary", 1670 (char *) key); 1671 return -EINVAL; 1672 } 1673 1674 upper = p->user_val_to_struct[upper->bounds - 1]; 1675 ebitmap_for_each_positive_bit(&user->roles, node, bit) { 1676 if (ebitmap_get_bit(&upper->roles, bit)) 1677 continue; 1678 1679 pr_err("SELinux: boundary violated policy: " 1680 "user=%s role=%s bounds=%s\n", 1681 sym_name(p, SYM_USERS, user->value - 1), 1682 sym_name(p, SYM_ROLES, bit), 1683 sym_name(p, SYM_USERS, upper->value - 1)); 1684 1685 return -EINVAL; 1686 } 1687 } 1688 1689 return 0; 1690} 1691 1692static int role_bounds_sanity_check(void *key, void *datum, void *datap) 1693{ 1694 struct role_datum *upper, *role; 1695 struct policydb *p = datap; 1696 int depth = 0; 1697 1698 upper = role = datum; 1699 while (upper->bounds) { 1700 struct ebitmap_node *node; 1701 unsigned long bit; 1702 1703 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1704 pr_err("SELinux: role %s: " 1705 "too deep or looped bounds\n", 1706 (char *) key); 1707 return -EINVAL; 1708 } 1709 1710 upper = p->role_val_to_struct[upper->bounds - 1]; 1711 ebitmap_for_each_positive_bit(&role->types, node, bit) { 1712 if (ebitmap_get_bit(&upper->types, bit)) 1713 continue; 1714 1715 pr_err("SELinux: boundary violated policy: " 1716 "role=%s type=%s bounds=%s\n", 1717 sym_name(p, SYM_ROLES, role->value - 1), 1718 sym_name(p, SYM_TYPES, bit), 1719 sym_name(p, SYM_ROLES, upper->value - 1)); 1720 1721 return -EINVAL; 1722 } 1723 } 1724 1725 return 0; 1726} 1727 1728static int type_bounds_sanity_check(void *key, void *datum, void *datap) 1729{ 1730 struct type_datum *upper; 1731 struct policydb *p = datap; 1732 int depth = 0; 1733 1734 upper = datum; 1735 while (upper->bounds) { 1736 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1737 pr_err("SELinux: type %s: " 1738 "too deep or looped boundary\n", 1739 (char *) key); 1740 return -EINVAL; 1741 } 1742 1743 upper = p->type_val_to_struct[upper->bounds - 1]; 1744 BUG_ON(!upper); 1745 1746 if (upper->attribute) { 1747 pr_err("SELinux: type %s: " 1748 "bounded by attribute %s", 1749 (char *) key, 1750 sym_name(p, SYM_TYPES, upper->value - 1)); 1751 return -EINVAL; 1752 } 1753 } 1754 1755 return 0; 1756} 1757 1758static int policydb_bounds_sanity_check(struct policydb *p) 1759{ 1760 int rc; 1761 1762 if (p->policyvers < POLICYDB_VERSION_BOUNDARY) 1763 return 0; 1764 1765 rc = hashtab_map(&p->p_users.table, user_bounds_sanity_check, p); 1766 if (rc) 1767 return rc; 1768 1769 rc = hashtab_map(&p->p_roles.table, role_bounds_sanity_check, p); 1770 if (rc) 1771 return rc; 1772 1773 rc = hashtab_map(&p->p_types.table, type_bounds_sanity_check, p); 1774 if (rc) 1775 return rc; 1776 1777 return 0; 1778} 1779 1780u16 string_to_security_class(struct policydb *p, const char *name) 1781{ 1782 struct class_datum *cladatum; 1783 1784 cladatum = symtab_search(&p->p_classes, name); 1785 if (!cladatum) 1786 return 0; 1787 1788 return cladatum->value; 1789} 1790 1791u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name) 1792{ 1793 struct class_datum *cladatum; 1794 struct perm_datum *perdatum = NULL; 1795 struct common_datum *comdatum; 1796 1797 if (!tclass || tclass > p->p_classes.nprim) 1798 return 0; 1799 1800 cladatum = p->class_val_to_struct[tclass-1]; 1801 comdatum = cladatum->comdatum; 1802 if (comdatum) 1803 perdatum = symtab_search(&comdatum->permissions, name); 1804 if (!perdatum) 1805 perdatum = symtab_search(&cladatum->permissions, name); 1806 if (!perdatum) 1807 return 0; 1808 1809 return 1U << (perdatum->value-1); 1810} 1811 1812static int range_read(struct policydb *p, void *fp) 1813{ 1814 struct range_trans *rt = NULL; 1815 struct mls_range *r = NULL; 1816 int i, rc; 1817 __le32 buf[2]; 1818 u32 nel; 1819 1820 if (p->policyvers < POLICYDB_VERSION_MLS) 1821 return 0; 1822 1823 rc = next_entry(buf, fp, sizeof(u32)); 1824 if (rc) 1825 return rc; 1826 1827 nel = le32_to_cpu(buf[0]); 1828 1829 rc = hashtab_init(&p->range_tr, nel); 1830 if (rc) 1831 return rc; 1832 1833 for (i = 0; i < nel; i++) { 1834 rc = -ENOMEM; 1835 rt = kzalloc(sizeof(*rt), GFP_KERNEL); 1836 if (!rt) 1837 goto out; 1838 1839 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1840 if (rc) 1841 goto out; 1842 1843 rt->source_type = le32_to_cpu(buf[0]); 1844 rt->target_type = le32_to_cpu(buf[1]); 1845 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 1846 rc = next_entry(buf, fp, sizeof(u32)); 1847 if (rc) 1848 goto out; 1849 rt->target_class = le32_to_cpu(buf[0]); 1850 } else 1851 rt->target_class = p->process_class; 1852 1853 rc = -EINVAL; 1854 if (!policydb_type_isvalid(p, rt->source_type) || 1855 !policydb_type_isvalid(p, rt->target_type) || 1856 !policydb_class_isvalid(p, rt->target_class)) 1857 goto out; 1858 1859 rc = -ENOMEM; 1860 r = kzalloc(sizeof(*r), GFP_KERNEL); 1861 if (!r) 1862 goto out; 1863 1864 rc = mls_read_range_helper(r, fp); 1865 if (rc) 1866 goto out; 1867 1868 rc = -EINVAL; 1869 if (!mls_range_isvalid(p, r)) { 1870 pr_warn("SELinux: rangetrans: invalid range\n"); 1871 goto out; 1872 } 1873 1874 rc = hashtab_insert(&p->range_tr, rt, r, rangetr_key_params); 1875 if (rc) 1876 goto out; 1877 1878 rt = NULL; 1879 r = NULL; 1880 } 1881 hash_eval(&p->range_tr, "rangetr"); 1882 rc = 0; 1883out: 1884 kfree(rt); 1885 kfree(r); 1886 return rc; 1887} 1888 1889static int filename_trans_read_helper_compat(struct policydb *p, void *fp) 1890{ 1891 struct filename_trans_key key, *ft = NULL; 1892 struct filename_trans_datum *last, *datum = NULL; 1893 char *name = NULL; 1894 u32 len, stype, otype; 1895 __le32 buf[4]; 1896 int rc; 1897 1898 /* length of the path component string */ 1899 rc = next_entry(buf, fp, sizeof(u32)); 1900 if (rc) 1901 return rc; 1902 len = le32_to_cpu(buf[0]); 1903 1904 /* path component string */ 1905 rc = str_read(&name, GFP_KERNEL, fp, len); 1906 if (rc) 1907 return rc; 1908 1909 rc = next_entry(buf, fp, sizeof(u32) * 4); 1910 if (rc) 1911 goto out; 1912 1913 stype = le32_to_cpu(buf[0]); 1914 key.ttype = le32_to_cpu(buf[1]); 1915 key.tclass = le32_to_cpu(buf[2]); 1916 key.name = name; 1917 1918 otype = le32_to_cpu(buf[3]); 1919 1920 last = NULL; 1921 datum = policydb_filenametr_search(p, &key); 1922 while (datum) { 1923 if (unlikely(ebitmap_get_bit(&datum->stypes, stype - 1))) { 1924 /* conflicting/duplicate rules are ignored */ 1925 datum = NULL; 1926 goto out; 1927 } 1928 if (likely(datum->otype == otype)) 1929 break; 1930 last = datum; 1931 datum = datum->next; 1932 } 1933 if (!datum) { 1934 rc = -ENOMEM; 1935 datum = kmalloc(sizeof(*datum), GFP_KERNEL); 1936 if (!datum) 1937 goto out; 1938 1939 ebitmap_init(&datum->stypes); 1940 datum->otype = otype; 1941 datum->next = NULL; 1942 1943 if (unlikely(last)) { 1944 last->next = datum; 1945 } else { 1946 rc = -ENOMEM; 1947 ft = kmemdup(&key, sizeof(key), GFP_KERNEL); 1948 if (!ft) 1949 goto out; 1950 1951 rc = hashtab_insert(&p->filename_trans, ft, datum, 1952 filenametr_key_params); 1953 if (rc) 1954 goto out; 1955 name = NULL; 1956 1957 rc = ebitmap_set_bit(&p->filename_trans_ttypes, 1958 key.ttype, 1); 1959 if (rc) 1960 return rc; 1961 } 1962 } 1963 kfree(name); 1964 return ebitmap_set_bit(&datum->stypes, stype - 1, 1); 1965 1966out: 1967 kfree(ft); 1968 kfree(name); 1969 kfree(datum); 1970 return rc; 1971} 1972 1973static int filename_trans_read_helper(struct policydb *p, void *fp) 1974{ 1975 struct filename_trans_key *ft = NULL; 1976 struct filename_trans_datum **dst, *datum, *first = NULL; 1977 char *name = NULL; 1978 u32 len, ttype, tclass, ndatum, i; 1979 __le32 buf[3]; 1980 int rc; 1981 1982 /* length of the path component string */ 1983 rc = next_entry(buf, fp, sizeof(u32)); 1984 if (rc) 1985 return rc; 1986 len = le32_to_cpu(buf[0]); 1987 1988 /* path component string */ 1989 rc = str_read(&name, GFP_KERNEL, fp, len); 1990 if (rc) 1991 return rc; 1992 1993 rc = next_entry(buf, fp, sizeof(u32) * 3); 1994 if (rc) 1995 goto out; 1996 1997 ttype = le32_to_cpu(buf[0]); 1998 tclass = le32_to_cpu(buf[1]); 1999 2000 ndatum = le32_to_cpu(buf[2]); 2001 if (ndatum == 0) { 2002 pr_err("SELinux: Filename transition key with no datum\n"); 2003 rc = -ENOENT; 2004 goto out; 2005 } 2006 2007 dst = &first; 2008 for (i = 0; i < ndatum; i++) { 2009 rc = -ENOMEM; 2010 datum = kmalloc(sizeof(*datum), GFP_KERNEL); 2011 if (!datum) 2012 goto out; 2013 2014 datum->next = NULL; 2015 *dst = datum; 2016 2017 /* ebitmap_read() will at least init the bitmap */ 2018 rc = ebitmap_read(&datum->stypes, fp); 2019 if (rc) 2020 goto out; 2021 2022 rc = next_entry(buf, fp, sizeof(u32)); 2023 if (rc) 2024 goto out; 2025 2026 datum->otype = le32_to_cpu(buf[0]); 2027 2028 dst = &datum->next; 2029 } 2030 2031 rc = -ENOMEM; 2032 ft = kmalloc(sizeof(*ft), GFP_KERNEL); 2033 if (!ft) 2034 goto out; 2035 2036 ft->ttype = ttype; 2037 ft->tclass = tclass; 2038 ft->name = name; 2039 2040 rc = hashtab_insert(&p->filename_trans, ft, first, 2041 filenametr_key_params); 2042 if (rc == -EEXIST) 2043 pr_err("SELinux: Duplicate filename transition key\n"); 2044 if (rc) 2045 goto out; 2046 2047 return ebitmap_set_bit(&p->filename_trans_ttypes, ttype, 1); 2048 2049out: 2050 kfree(ft); 2051 kfree(name); 2052 while (first) { 2053 datum = first; 2054 first = first->next; 2055 2056 ebitmap_destroy(&datum->stypes); 2057 kfree(datum); 2058 } 2059 return rc; 2060} 2061 2062static int filename_trans_read(struct policydb *p, void *fp) 2063{ 2064 u32 nel; 2065 __le32 buf[1]; 2066 int rc, i; 2067 2068 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 2069 return 0; 2070 2071 rc = next_entry(buf, fp, sizeof(u32)); 2072 if (rc) 2073 return rc; 2074 nel = le32_to_cpu(buf[0]); 2075 2076 if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) { 2077 p->compat_filename_trans_count = nel; 2078 2079 rc = hashtab_init(&p->filename_trans, (1 << 11)); 2080 if (rc) 2081 return rc; 2082 2083 for (i = 0; i < nel; i++) { 2084 rc = filename_trans_read_helper_compat(p, fp); 2085 if (rc) 2086 return rc; 2087 } 2088 } else { 2089 rc = hashtab_init(&p->filename_trans, nel); 2090 if (rc) 2091 return rc; 2092 2093 for (i = 0; i < nel; i++) { 2094 rc = filename_trans_read_helper(p, fp); 2095 if (rc) 2096 return rc; 2097 } 2098 } 2099 hash_eval(&p->filename_trans, "filenametr"); 2100 return 0; 2101} 2102 2103static int genfs_read(struct policydb *p, void *fp) 2104{ 2105 int i, j, rc; 2106 u32 nel, nel2, len, len2; 2107 __le32 buf[1]; 2108 struct ocontext *l, *c; 2109 struct ocontext *newc = NULL; 2110 struct genfs *genfs_p, *genfs; 2111 struct genfs *newgenfs = NULL; 2112 2113 rc = next_entry(buf, fp, sizeof(u32)); 2114 if (rc) 2115 return rc; 2116 nel = le32_to_cpu(buf[0]); 2117 2118 for (i = 0; i < nel; i++) { 2119 rc = next_entry(buf, fp, sizeof(u32)); 2120 if (rc) 2121 goto out; 2122 len = le32_to_cpu(buf[0]); 2123 2124 rc = -ENOMEM; 2125 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); 2126 if (!newgenfs) 2127 goto out; 2128 2129 rc = str_read(&newgenfs->fstype, GFP_KERNEL, fp, len); 2130 if (rc) 2131 goto out; 2132 2133 for (genfs_p = NULL, genfs = p->genfs; genfs; 2134 genfs_p = genfs, genfs = genfs->next) { 2135 rc = -EINVAL; 2136 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 2137 pr_err("SELinux: dup genfs fstype %s\n", 2138 newgenfs->fstype); 2139 goto out; 2140 } 2141 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 2142 break; 2143 } 2144 newgenfs->next = genfs; 2145 if (genfs_p) 2146 genfs_p->next = newgenfs; 2147 else 2148 p->genfs = newgenfs; 2149 genfs = newgenfs; 2150 newgenfs = NULL; 2151 2152 rc = next_entry(buf, fp, sizeof(u32)); 2153 if (rc) 2154 goto out; 2155 2156 nel2 = le32_to_cpu(buf[0]); 2157 for (j = 0; j < nel2; j++) { 2158 rc = next_entry(buf, fp, sizeof(u32)); 2159 if (rc) 2160 goto out; 2161 len = le32_to_cpu(buf[0]); 2162 2163 rc = -ENOMEM; 2164 newc = kzalloc(sizeof(*newc), GFP_KERNEL); 2165 if (!newc) 2166 goto out; 2167 2168 rc = str_read(&newc->u.name, GFP_KERNEL, fp, len); 2169 if (rc) 2170 goto out; 2171 2172 rc = next_entry(buf, fp, sizeof(u32)); 2173 if (rc) 2174 goto out; 2175 2176 newc->v.sclass = le32_to_cpu(buf[0]); 2177 rc = context_read_and_validate(&newc->context[0], p, fp); 2178 if (rc) 2179 goto out; 2180 2181 for (l = NULL, c = genfs->head; c; 2182 l = c, c = c->next) { 2183 rc = -EINVAL; 2184 if (!strcmp(newc->u.name, c->u.name) && 2185 (!c->v.sclass || !newc->v.sclass || 2186 newc->v.sclass == c->v.sclass)) { 2187 pr_err("SELinux: dup genfs entry (%s,%s)\n", 2188 genfs->fstype, c->u.name); 2189 goto out; 2190 } 2191 len = strlen(newc->u.name); 2192 len2 = strlen(c->u.name); 2193 if (len > len2) 2194 break; 2195 } 2196 2197 newc->next = c; 2198 if (l) 2199 l->next = newc; 2200 else 2201 genfs->head = newc; 2202 newc = NULL; 2203 } 2204 } 2205 rc = 0; 2206out: 2207 if (newgenfs) { 2208 kfree(newgenfs->fstype); 2209 kfree(newgenfs); 2210 } 2211 ocontext_destroy(newc, OCON_FSUSE); 2212 2213 return rc; 2214} 2215 2216static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, 2217 void *fp) 2218{ 2219 int i, j, rc; 2220 u32 nel, len; 2221 __be64 prefixbuf[1]; 2222 __le32 buf[3]; 2223 struct ocontext *l, *c; 2224 u32 nodebuf[8]; 2225 2226 for (i = 0; i < info->ocon_num; i++) { 2227 rc = next_entry(buf, fp, sizeof(u32)); 2228 if (rc) 2229 goto out; 2230 nel = le32_to_cpu(buf[0]); 2231 2232 l = NULL; 2233 for (j = 0; j < nel; j++) { 2234 rc = -ENOMEM; 2235 c = kzalloc(sizeof(*c), GFP_KERNEL); 2236 if (!c) 2237 goto out; 2238 if (l) 2239 l->next = c; 2240 else 2241 p->ocontexts[i] = c; 2242 l = c; 2243 2244 switch (i) { 2245 case OCON_ISID: 2246 rc = next_entry(buf, fp, sizeof(u32)); 2247 if (rc) 2248 goto out; 2249 2250 c->sid[0] = le32_to_cpu(buf[0]); 2251 rc = context_read_and_validate(&c->context[0], p, fp); 2252 if (rc) 2253 goto out; 2254 break; 2255 case OCON_FS: 2256 case OCON_NETIF: 2257 rc = next_entry(buf, fp, sizeof(u32)); 2258 if (rc) 2259 goto out; 2260 len = le32_to_cpu(buf[0]); 2261 2262 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2263 if (rc) 2264 goto out; 2265 2266 rc = context_read_and_validate(&c->context[0], p, fp); 2267 if (rc) 2268 goto out; 2269 rc = context_read_and_validate(&c->context[1], p, fp); 2270 if (rc) 2271 goto out; 2272 break; 2273 case OCON_PORT: 2274 rc = next_entry(buf, fp, sizeof(u32)*3); 2275 if (rc) 2276 goto out; 2277 c->u.port.protocol = le32_to_cpu(buf[0]); 2278 c->u.port.low_port = le32_to_cpu(buf[1]); 2279 c->u.port.high_port = le32_to_cpu(buf[2]); 2280 rc = context_read_and_validate(&c->context[0], p, fp); 2281 if (rc) 2282 goto out; 2283 break; 2284 case OCON_NODE: 2285 rc = next_entry(nodebuf, fp, sizeof(u32) * 2); 2286 if (rc) 2287 goto out; 2288 c->u.node.addr = nodebuf[0]; /* network order */ 2289 c->u.node.mask = nodebuf[1]; /* network order */ 2290 rc = context_read_and_validate(&c->context[0], p, fp); 2291 if (rc) 2292 goto out; 2293 break; 2294 case OCON_FSUSE: 2295 rc = next_entry(buf, fp, sizeof(u32)*2); 2296 if (rc) 2297 goto out; 2298 2299 rc = -EINVAL; 2300 c->v.behavior = le32_to_cpu(buf[0]); 2301 /* Determined at runtime, not in policy DB. */ 2302 if (c->v.behavior == SECURITY_FS_USE_MNTPOINT) 2303 goto out; 2304 if (c->v.behavior > SECURITY_FS_USE_MAX) 2305 goto out; 2306 2307 len = le32_to_cpu(buf[1]); 2308 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2309 if (rc) 2310 goto out; 2311 2312 rc = context_read_and_validate(&c->context[0], p, fp); 2313 if (rc) 2314 goto out; 2315 break; 2316 case OCON_NODE6: { 2317 int k; 2318 2319 rc = next_entry(nodebuf, fp, sizeof(u32) * 8); 2320 if (rc) 2321 goto out; 2322 for (k = 0; k < 4; k++) 2323 c->u.node6.addr[k] = nodebuf[k]; 2324 for (k = 0; k < 4; k++) 2325 c->u.node6.mask[k] = nodebuf[k+4]; 2326 rc = context_read_and_validate(&c->context[0], p, fp); 2327 if (rc) 2328 goto out; 2329 break; 2330 } 2331 case OCON_IBPKEY: { 2332 u32 pkey_lo, pkey_hi; 2333 2334 rc = next_entry(prefixbuf, fp, sizeof(u64)); 2335 if (rc) 2336 goto out; 2337 2338 /* we need to have subnet_prefix in CPU order */ 2339 c->u.ibpkey.subnet_prefix = be64_to_cpu(prefixbuf[0]); 2340 2341 rc = next_entry(buf, fp, sizeof(u32) * 2); 2342 if (rc) 2343 goto out; 2344 2345 pkey_lo = le32_to_cpu(buf[0]); 2346 pkey_hi = le32_to_cpu(buf[1]); 2347 2348 if (pkey_lo > U16_MAX || pkey_hi > U16_MAX) { 2349 rc = -EINVAL; 2350 goto out; 2351 } 2352 2353 c->u.ibpkey.low_pkey = pkey_lo; 2354 c->u.ibpkey.high_pkey = pkey_hi; 2355 2356 rc = context_read_and_validate(&c->context[0], 2357 p, 2358 fp); 2359 if (rc) 2360 goto out; 2361 break; 2362 } 2363 case OCON_IBENDPORT: { 2364 u32 port; 2365 2366 rc = next_entry(buf, fp, sizeof(u32) * 2); 2367 if (rc) 2368 goto out; 2369 len = le32_to_cpu(buf[0]); 2370 2371 rc = str_read(&c->u.ibendport.dev_name, GFP_KERNEL, fp, len); 2372 if (rc) 2373 goto out; 2374 2375 port = le32_to_cpu(buf[1]); 2376 if (port > U8_MAX || port == 0) { 2377 rc = -EINVAL; 2378 goto out; 2379 } 2380 2381 c->u.ibendport.port = port; 2382 2383 rc = context_read_and_validate(&c->context[0], 2384 p, 2385 fp); 2386 if (rc) 2387 goto out; 2388 break; 2389 } /* end case */ 2390 } /* end switch */ 2391 } 2392 } 2393 rc = 0; 2394out: 2395 return rc; 2396} 2397 2398/* 2399 * Read the configuration data from a policy database binary 2400 * representation file into a policy database structure. 2401 */ 2402int policydb_read(struct policydb *p, void *fp) 2403{ 2404 struct role_allow *ra, *lra; 2405 struct role_trans_key *rtk = NULL; 2406 struct role_trans_datum *rtd = NULL; 2407 int i, j, rc; 2408 __le32 buf[4]; 2409 u32 len, nprim, nel, perm; 2410 2411 char *policydb_str; 2412 struct policydb_compat_info *info; 2413 2414 policydb_init(p); 2415 2416 /* Read the magic number and string length. */ 2417 rc = next_entry(buf, fp, sizeof(u32) * 2); 2418 if (rc) 2419 goto bad; 2420 2421 rc = -EINVAL; 2422 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { 2423 pr_err("SELinux: policydb magic number 0x%x does " 2424 "not match expected magic number 0x%x\n", 2425 le32_to_cpu(buf[0]), POLICYDB_MAGIC); 2426 goto bad; 2427 } 2428 2429 rc = -EINVAL; 2430 len = le32_to_cpu(buf[1]); 2431 if (len != strlen(POLICYDB_STRING)) { 2432 pr_err("SELinux: policydb string length %d does not " 2433 "match expected length %zu\n", 2434 len, strlen(POLICYDB_STRING)); 2435 goto bad; 2436 } 2437 2438 rc = -ENOMEM; 2439 policydb_str = kmalloc(len + 1, GFP_KERNEL); 2440 if (!policydb_str) { 2441 pr_err("SELinux: unable to allocate memory for policydb " 2442 "string of length %d\n", len); 2443 goto bad; 2444 } 2445 2446 rc = next_entry(policydb_str, fp, len); 2447 if (rc) { 2448 pr_err("SELinux: truncated policydb string identifier\n"); 2449 kfree(policydb_str); 2450 goto bad; 2451 } 2452 2453 rc = -EINVAL; 2454 policydb_str[len] = '\0'; 2455 if (strcmp(policydb_str, POLICYDB_STRING)) { 2456 pr_err("SELinux: policydb string %s does not match " 2457 "my string %s\n", policydb_str, POLICYDB_STRING); 2458 kfree(policydb_str); 2459 goto bad; 2460 } 2461 /* Done with policydb_str. */ 2462 kfree(policydb_str); 2463 policydb_str = NULL; 2464 2465 /* Read the version and table sizes. */ 2466 rc = next_entry(buf, fp, sizeof(u32)*4); 2467 if (rc) 2468 goto bad; 2469 2470 rc = -EINVAL; 2471 p->policyvers = le32_to_cpu(buf[0]); 2472 if (p->policyvers < POLICYDB_VERSION_MIN || 2473 p->policyvers > POLICYDB_VERSION_MAX) { 2474 pr_err("SELinux: policydb version %d does not match " 2475 "my version range %d-%d\n", 2476 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 2477 goto bad; 2478 } 2479 2480 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { 2481 p->mls_enabled = 1; 2482 2483 rc = -EINVAL; 2484 if (p->policyvers < POLICYDB_VERSION_MLS) { 2485 pr_err("SELinux: security policydb version %d " 2486 "(MLS) not backwards compatible\n", 2487 p->policyvers); 2488 goto bad; 2489 } 2490 } 2491 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN); 2492 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN); 2493 2494 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 2495 rc = ebitmap_read(&p->policycaps, fp); 2496 if (rc) 2497 goto bad; 2498 } 2499 2500 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 2501 rc = ebitmap_read(&p->permissive_map, fp); 2502 if (rc) 2503 goto bad; 2504 } 2505 2506 rc = -EINVAL; 2507 info = policydb_lookup_compat(p->policyvers); 2508 if (!info) { 2509 pr_err("SELinux: unable to find policy compat info " 2510 "for version %d\n", p->policyvers); 2511 goto bad; 2512 } 2513 2514 rc = -EINVAL; 2515 if (le32_to_cpu(buf[2]) != info->sym_num || 2516 le32_to_cpu(buf[3]) != info->ocon_num) { 2517 pr_err("SELinux: policydb table sizes (%d,%d) do " 2518 "not match mine (%d,%d)\n", le32_to_cpu(buf[2]), 2519 le32_to_cpu(buf[3]), 2520 info->sym_num, info->ocon_num); 2521 goto bad; 2522 } 2523 2524 for (i = 0; i < info->sym_num; i++) { 2525 rc = next_entry(buf, fp, sizeof(u32)*2); 2526 if (rc) 2527 goto bad; 2528 nprim = le32_to_cpu(buf[0]); 2529 nel = le32_to_cpu(buf[1]); 2530 2531 rc = symtab_init(&p->symtab[i], nel); 2532 if (rc) 2533 goto out; 2534 2535 if (i == SYM_ROLES) { 2536 rc = roles_init(p); 2537 if (rc) 2538 goto out; 2539 } 2540 2541 for (j = 0; j < nel; j++) { 2542 rc = read_f[i](p, &p->symtab[i], fp); 2543 if (rc) 2544 goto bad; 2545 } 2546 2547 p->symtab[i].nprim = nprim; 2548 } 2549 2550 rc = -EINVAL; 2551 p->process_class = string_to_security_class(p, "process"); 2552 if (!p->process_class) { 2553 pr_err("SELinux: process class is required, not defined in policy\n"); 2554 goto bad; 2555 } 2556 2557 rc = avtab_read(&p->te_avtab, fp, p); 2558 if (rc) 2559 goto bad; 2560 2561 if (p->policyvers >= POLICYDB_VERSION_BOOL) { 2562 rc = cond_read_list(p, fp); 2563 if (rc) 2564 goto bad; 2565 } 2566 2567 rc = next_entry(buf, fp, sizeof(u32)); 2568 if (rc) 2569 goto bad; 2570 nel = le32_to_cpu(buf[0]); 2571 2572 rc = hashtab_init(&p->role_tr, nel); 2573 if (rc) 2574 goto bad; 2575 for (i = 0; i < nel; i++) { 2576 rc = -ENOMEM; 2577 rtk = kmalloc(sizeof(*rtk), GFP_KERNEL); 2578 if (!rtk) 2579 goto bad; 2580 2581 rc = -ENOMEM; 2582 rtd = kmalloc(sizeof(*rtd), GFP_KERNEL); 2583 if (!rtd) 2584 goto bad; 2585 2586 rc = next_entry(buf, fp, sizeof(u32)*3); 2587 if (rc) 2588 goto bad; 2589 2590 rc = -EINVAL; 2591 rtk->role = le32_to_cpu(buf[0]); 2592 rtk->type = le32_to_cpu(buf[1]); 2593 rtd->new_role = le32_to_cpu(buf[2]); 2594 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2595 rc = next_entry(buf, fp, sizeof(u32)); 2596 if (rc) 2597 goto bad; 2598 rtk->tclass = le32_to_cpu(buf[0]); 2599 } else 2600 rtk->tclass = p->process_class; 2601 2602 rc = -EINVAL; 2603 if (!policydb_role_isvalid(p, rtk->role) || 2604 !policydb_type_isvalid(p, rtk->type) || 2605 !policydb_class_isvalid(p, rtk->tclass) || 2606 !policydb_role_isvalid(p, rtd->new_role)) 2607 goto bad; 2608 2609 rc = hashtab_insert(&p->role_tr, rtk, rtd, roletr_key_params); 2610 if (rc) 2611 goto bad; 2612 2613 rtk = NULL; 2614 rtd = NULL; 2615 } 2616 2617 rc = next_entry(buf, fp, sizeof(u32)); 2618 if (rc) 2619 goto bad; 2620 nel = le32_to_cpu(buf[0]); 2621 lra = NULL; 2622 for (i = 0; i < nel; i++) { 2623 rc = -ENOMEM; 2624 ra = kzalloc(sizeof(*ra), GFP_KERNEL); 2625 if (!ra) 2626 goto bad; 2627 if (lra) 2628 lra->next = ra; 2629 else 2630 p->role_allow = ra; 2631 rc = next_entry(buf, fp, sizeof(u32)*2); 2632 if (rc) 2633 goto bad; 2634 2635 rc = -EINVAL; 2636 ra->role = le32_to_cpu(buf[0]); 2637 ra->new_role = le32_to_cpu(buf[1]); 2638 if (!policydb_role_isvalid(p, ra->role) || 2639 !policydb_role_isvalid(p, ra->new_role)) 2640 goto bad; 2641 lra = ra; 2642 } 2643 2644 rc = filename_trans_read(p, fp); 2645 if (rc) 2646 goto bad; 2647 2648 rc = policydb_index(p); 2649 if (rc) 2650 goto bad; 2651 2652 rc = -EINVAL; 2653 perm = string_to_av_perm(p, p->process_class, "transition"); 2654 if (!perm) { 2655 pr_err("SELinux: process transition permission is required, not defined in policy\n"); 2656 goto bad; 2657 } 2658 p->process_trans_perms = perm; 2659 perm = string_to_av_perm(p, p->process_class, "dyntransition"); 2660 if (!perm) { 2661 pr_err("SELinux: process dyntransition permission is required, not defined in policy\n"); 2662 goto bad; 2663 } 2664 p->process_trans_perms |= perm; 2665 2666 rc = ocontext_read(p, info, fp); 2667 if (rc) 2668 goto bad; 2669 2670 rc = genfs_read(p, fp); 2671 if (rc) 2672 goto bad; 2673 2674 rc = range_read(p, fp); 2675 if (rc) 2676 goto bad; 2677 2678 rc = -ENOMEM; 2679 p->type_attr_map_array = kvcalloc(p->p_types.nprim, 2680 sizeof(*p->type_attr_map_array), 2681 GFP_KERNEL); 2682 if (!p->type_attr_map_array) 2683 goto bad; 2684 2685 /* just in case ebitmap_init() becomes more than just a memset(0): */ 2686 for (i = 0; i < p->p_types.nprim; i++) 2687 ebitmap_init(&p->type_attr_map_array[i]); 2688 2689 for (i = 0; i < p->p_types.nprim; i++) { 2690 struct ebitmap *e = &p->type_attr_map_array[i]; 2691 2692 if (p->policyvers >= POLICYDB_VERSION_AVTAB) { 2693 rc = ebitmap_read(e, fp); 2694 if (rc) 2695 goto bad; 2696 } 2697 /* add the type itself as the degenerate case */ 2698 rc = ebitmap_set_bit(e, i, 1); 2699 if (rc) 2700 goto bad; 2701 } 2702 2703 rc = policydb_bounds_sanity_check(p); 2704 if (rc) 2705 goto bad; 2706 2707 rc = 0; 2708out: 2709 return rc; 2710bad: 2711 kfree(rtk); 2712 kfree(rtd); 2713 policydb_destroy(p); 2714 goto out; 2715} 2716 2717/* 2718 * Write a MLS level structure to a policydb binary 2719 * representation file. 2720 */ 2721static int mls_write_level(struct mls_level *l, void *fp) 2722{ 2723 __le32 buf[1]; 2724 int rc; 2725 2726 buf[0] = cpu_to_le32(l->sens); 2727 rc = put_entry(buf, sizeof(u32), 1, fp); 2728 if (rc) 2729 return rc; 2730 2731 rc = ebitmap_write(&l->cat, fp); 2732 if (rc) 2733 return rc; 2734 2735 return 0; 2736} 2737 2738/* 2739 * Write a MLS range structure to a policydb binary 2740 * representation file. 2741 */ 2742static int mls_write_range_helper(struct mls_range *r, void *fp) 2743{ 2744 __le32 buf[3]; 2745 size_t items; 2746 int rc, eq; 2747 2748 eq = mls_level_eq(&r->level[1], &r->level[0]); 2749 2750 if (eq) 2751 items = 2; 2752 else 2753 items = 3; 2754 buf[0] = cpu_to_le32(items-1); 2755 buf[1] = cpu_to_le32(r->level[0].sens); 2756 if (!eq) 2757 buf[2] = cpu_to_le32(r->level[1].sens); 2758 2759 BUG_ON(items > ARRAY_SIZE(buf)); 2760 2761 rc = put_entry(buf, sizeof(u32), items, fp); 2762 if (rc) 2763 return rc; 2764 2765 rc = ebitmap_write(&r->level[0].cat, fp); 2766 if (rc) 2767 return rc; 2768 if (!eq) { 2769 rc = ebitmap_write(&r->level[1].cat, fp); 2770 if (rc) 2771 return rc; 2772 } 2773 2774 return 0; 2775} 2776 2777static int sens_write(void *vkey, void *datum, void *ptr) 2778{ 2779 char *key = vkey; 2780 struct level_datum *levdatum = datum; 2781 struct policy_data *pd = ptr; 2782 void *fp = pd->fp; 2783 __le32 buf[2]; 2784 size_t len; 2785 int rc; 2786 2787 len = strlen(key); 2788 buf[0] = cpu_to_le32(len); 2789 buf[1] = cpu_to_le32(levdatum->isalias); 2790 rc = put_entry(buf, sizeof(u32), 2, fp); 2791 if (rc) 2792 return rc; 2793 2794 rc = put_entry(key, 1, len, fp); 2795 if (rc) 2796 return rc; 2797 2798 rc = mls_write_level(levdatum->level, fp); 2799 if (rc) 2800 return rc; 2801 2802 return 0; 2803} 2804 2805static int cat_write(void *vkey, void *datum, void *ptr) 2806{ 2807 char *key = vkey; 2808 struct cat_datum *catdatum = datum; 2809 struct policy_data *pd = ptr; 2810 void *fp = pd->fp; 2811 __le32 buf[3]; 2812 size_t len; 2813 int rc; 2814 2815 len = strlen(key); 2816 buf[0] = cpu_to_le32(len); 2817 buf[1] = cpu_to_le32(catdatum->value); 2818 buf[2] = cpu_to_le32(catdatum->isalias); 2819 rc = put_entry(buf, sizeof(u32), 3, fp); 2820 if (rc) 2821 return rc; 2822 2823 rc = put_entry(key, 1, len, fp); 2824 if (rc) 2825 return rc; 2826 2827 return 0; 2828} 2829 2830static int role_trans_write_one(void *key, void *datum, void *ptr) 2831{ 2832 struct role_trans_key *rtk = key; 2833 struct role_trans_datum *rtd = datum; 2834 struct policy_data *pd = ptr; 2835 void *fp = pd->fp; 2836 struct policydb *p = pd->p; 2837 __le32 buf[3]; 2838 int rc; 2839 2840 buf[0] = cpu_to_le32(rtk->role); 2841 buf[1] = cpu_to_le32(rtk->type); 2842 buf[2] = cpu_to_le32(rtd->new_role); 2843 rc = put_entry(buf, sizeof(u32), 3, fp); 2844 if (rc) 2845 return rc; 2846 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2847 buf[0] = cpu_to_le32(rtk->tclass); 2848 rc = put_entry(buf, sizeof(u32), 1, fp); 2849 if (rc) 2850 return rc; 2851 } 2852 return 0; 2853} 2854 2855static int role_trans_write(struct policydb *p, void *fp) 2856{ 2857 struct policy_data pd = { .p = p, .fp = fp }; 2858 __le32 buf[1]; 2859 int rc; 2860 2861 buf[0] = cpu_to_le32(p->role_tr.nel); 2862 rc = put_entry(buf, sizeof(u32), 1, fp); 2863 if (rc) 2864 return rc; 2865 2866 return hashtab_map(&p->role_tr, role_trans_write_one, &pd); 2867} 2868 2869static int role_allow_write(struct role_allow *r, void *fp) 2870{ 2871 struct role_allow *ra; 2872 __le32 buf[2]; 2873 size_t nel; 2874 int rc; 2875 2876 nel = 0; 2877 for (ra = r; ra; ra = ra->next) 2878 nel++; 2879 buf[0] = cpu_to_le32(nel); 2880 rc = put_entry(buf, sizeof(u32), 1, fp); 2881 if (rc) 2882 return rc; 2883 for (ra = r; ra; ra = ra->next) { 2884 buf[0] = cpu_to_le32(ra->role); 2885 buf[1] = cpu_to_le32(ra->new_role); 2886 rc = put_entry(buf, sizeof(u32), 2, fp); 2887 if (rc) 2888 return rc; 2889 } 2890 return 0; 2891} 2892 2893/* 2894 * Write a security context structure 2895 * to a policydb binary representation file. 2896 */ 2897static int context_write(struct policydb *p, struct context *c, 2898 void *fp) 2899{ 2900 int rc; 2901 __le32 buf[3]; 2902 2903 buf[0] = cpu_to_le32(c->user); 2904 buf[1] = cpu_to_le32(c->role); 2905 buf[2] = cpu_to_le32(c->type); 2906 2907 rc = put_entry(buf, sizeof(u32), 3, fp); 2908 if (rc) 2909 return rc; 2910 2911 rc = mls_write_range_helper(&c->range, fp); 2912 if (rc) 2913 return rc; 2914 2915 return 0; 2916} 2917 2918/* 2919 * The following *_write functions are used to 2920 * write the symbol data to a policy database 2921 * binary representation file. 2922 */ 2923 2924static int perm_write(void *vkey, void *datum, void *fp) 2925{ 2926 char *key = vkey; 2927 struct perm_datum *perdatum = datum; 2928 __le32 buf[2]; 2929 size_t len; 2930 int rc; 2931 2932 len = strlen(key); 2933 buf[0] = cpu_to_le32(len); 2934 buf[1] = cpu_to_le32(perdatum->value); 2935 rc = put_entry(buf, sizeof(u32), 2, fp); 2936 if (rc) 2937 return rc; 2938 2939 rc = put_entry(key, 1, len, fp); 2940 if (rc) 2941 return rc; 2942 2943 return 0; 2944} 2945 2946static int common_write(void *vkey, void *datum, void *ptr) 2947{ 2948 char *key = vkey; 2949 struct common_datum *comdatum = datum; 2950 struct policy_data *pd = ptr; 2951 void *fp = pd->fp; 2952 __le32 buf[4]; 2953 size_t len; 2954 int rc; 2955 2956 len = strlen(key); 2957 buf[0] = cpu_to_le32(len); 2958 buf[1] = cpu_to_le32(comdatum->value); 2959 buf[2] = cpu_to_le32(comdatum->permissions.nprim); 2960 buf[3] = cpu_to_le32(comdatum->permissions.table.nel); 2961 rc = put_entry(buf, sizeof(u32), 4, fp); 2962 if (rc) 2963 return rc; 2964 2965 rc = put_entry(key, 1, len, fp); 2966 if (rc) 2967 return rc; 2968 2969 rc = hashtab_map(&comdatum->permissions.table, perm_write, fp); 2970 if (rc) 2971 return rc; 2972 2973 return 0; 2974} 2975 2976static int type_set_write(struct type_set *t, void *fp) 2977{ 2978 int rc; 2979 __le32 buf[1]; 2980 2981 if (ebitmap_write(&t->types, fp)) 2982 return -EINVAL; 2983 if (ebitmap_write(&t->negset, fp)) 2984 return -EINVAL; 2985 2986 buf[0] = cpu_to_le32(t->flags); 2987 rc = put_entry(buf, sizeof(u32), 1, fp); 2988 if (rc) 2989 return -EINVAL; 2990 2991 return 0; 2992} 2993 2994static int write_cons_helper(struct policydb *p, struct constraint_node *node, 2995 void *fp) 2996{ 2997 struct constraint_node *c; 2998 struct constraint_expr *e; 2999 __le32 buf[3]; 3000 u32 nel; 3001 int rc; 3002 3003 for (c = node; c; c = c->next) { 3004 nel = 0; 3005 for (e = c->expr; e; e = e->next) 3006 nel++; 3007 buf[0] = cpu_to_le32(c->permissions); 3008 buf[1] = cpu_to_le32(nel); 3009 rc = put_entry(buf, sizeof(u32), 2, fp); 3010 if (rc) 3011 return rc; 3012 for (e = c->expr; e; e = e->next) { 3013 buf[0] = cpu_to_le32(e->expr_type); 3014 buf[1] = cpu_to_le32(e->attr); 3015 buf[2] = cpu_to_le32(e->op); 3016 rc = put_entry(buf, sizeof(u32), 3, fp); 3017 if (rc) 3018 return rc; 3019 3020 switch (e->expr_type) { 3021 case CEXPR_NAMES: 3022 rc = ebitmap_write(&e->names, fp); 3023 if (rc) 3024 return rc; 3025 if (p->policyvers >= 3026 POLICYDB_VERSION_CONSTRAINT_NAMES) { 3027 rc = type_set_write(e->type_names, fp); 3028 if (rc) 3029 return rc; 3030 } 3031 break; 3032 default: 3033 break; 3034 } 3035 } 3036 } 3037 3038 return 0; 3039} 3040 3041static int class_write(void *vkey, void *datum, void *ptr) 3042{ 3043 char *key = vkey; 3044 struct class_datum *cladatum = datum; 3045 struct policy_data *pd = ptr; 3046 void *fp = pd->fp; 3047 struct policydb *p = pd->p; 3048 struct constraint_node *c; 3049 __le32 buf[6]; 3050 u32 ncons; 3051 size_t len, len2; 3052 int rc; 3053 3054 len = strlen(key); 3055 if (cladatum->comkey) 3056 len2 = strlen(cladatum->comkey); 3057 else 3058 len2 = 0; 3059 3060 ncons = 0; 3061 for (c = cladatum->constraints; c; c = c->next) 3062 ncons++; 3063 3064 buf[0] = cpu_to_le32(len); 3065 buf[1] = cpu_to_le32(len2); 3066 buf[2] = cpu_to_le32(cladatum->value); 3067 buf[3] = cpu_to_le32(cladatum->permissions.nprim); 3068 buf[4] = cpu_to_le32(cladatum->permissions.table.nel); 3069 buf[5] = cpu_to_le32(ncons); 3070 rc = put_entry(buf, sizeof(u32), 6, fp); 3071 if (rc) 3072 return rc; 3073 3074 rc = put_entry(key, 1, len, fp); 3075 if (rc) 3076 return rc; 3077 3078 if (cladatum->comkey) { 3079 rc = put_entry(cladatum->comkey, 1, len2, fp); 3080 if (rc) 3081 return rc; 3082 } 3083 3084 rc = hashtab_map(&cladatum->permissions.table, perm_write, fp); 3085 if (rc) 3086 return rc; 3087 3088 rc = write_cons_helper(p, cladatum->constraints, fp); 3089 if (rc) 3090 return rc; 3091 3092 /* write out the validatetrans rule */ 3093 ncons = 0; 3094 for (c = cladatum->validatetrans; c; c = c->next) 3095 ncons++; 3096 3097 buf[0] = cpu_to_le32(ncons); 3098 rc = put_entry(buf, sizeof(u32), 1, fp); 3099 if (rc) 3100 return rc; 3101 3102 rc = write_cons_helper(p, cladatum->validatetrans, fp); 3103 if (rc) 3104 return rc; 3105 3106 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 3107 buf[0] = cpu_to_le32(cladatum->default_user); 3108 buf[1] = cpu_to_le32(cladatum->default_role); 3109 buf[2] = cpu_to_le32(cladatum->default_range); 3110 3111 rc = put_entry(buf, sizeof(uint32_t), 3, fp); 3112 if (rc) 3113 return rc; 3114 } 3115 3116 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 3117 buf[0] = cpu_to_le32(cladatum->default_type); 3118 rc = put_entry(buf, sizeof(uint32_t), 1, fp); 3119 if (rc) 3120 return rc; 3121 } 3122 3123 return 0; 3124} 3125 3126static int role_write(void *vkey, void *datum, void *ptr) 3127{ 3128 char *key = vkey; 3129 struct role_datum *role = datum; 3130 struct policy_data *pd = ptr; 3131 void *fp = pd->fp; 3132 struct policydb *p = pd->p; 3133 __le32 buf[3]; 3134 size_t items, len; 3135 int rc; 3136 3137 len = strlen(key); 3138 items = 0; 3139 buf[items++] = cpu_to_le32(len); 3140 buf[items++] = cpu_to_le32(role->value); 3141 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 3142 buf[items++] = cpu_to_le32(role->bounds); 3143 3144 BUG_ON(items > ARRAY_SIZE(buf)); 3145 3146 rc = put_entry(buf, sizeof(u32), items, fp); 3147 if (rc) 3148 return rc; 3149 3150 rc = put_entry(key, 1, len, fp); 3151 if (rc) 3152 return rc; 3153 3154 rc = ebitmap_write(&role->dominates, fp); 3155 if (rc) 3156 return rc; 3157 3158 rc = ebitmap_write(&role->types, fp); 3159 if (rc) 3160 return rc; 3161 3162 return 0; 3163} 3164 3165static int type_write(void *vkey, void *datum, void *ptr) 3166{ 3167 char *key = vkey; 3168 struct type_datum *typdatum = datum; 3169 struct policy_data *pd = ptr; 3170 struct policydb *p = pd->p; 3171 void *fp = pd->fp; 3172 __le32 buf[4]; 3173 int rc; 3174 size_t items, len; 3175 3176 len = strlen(key); 3177 items = 0; 3178 buf[items++] = cpu_to_le32(len); 3179 buf[items++] = cpu_to_le32(typdatum->value); 3180 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 3181 u32 properties = 0; 3182 3183 if (typdatum->primary) 3184 properties |= TYPEDATUM_PROPERTY_PRIMARY; 3185 3186 if (typdatum->attribute) 3187 properties |= TYPEDATUM_PROPERTY_ATTRIBUTE; 3188 3189 buf[items++] = cpu_to_le32(properties); 3190 buf[items++] = cpu_to_le32(typdatum->bounds); 3191 } else { 3192 buf[items++] = cpu_to_le32(typdatum->primary); 3193 } 3194 BUG_ON(items > ARRAY_SIZE(buf)); 3195 rc = put_entry(buf, sizeof(u32), items, fp); 3196 if (rc) 3197 return rc; 3198 3199 rc = put_entry(key, 1, len, fp); 3200 if (rc) 3201 return rc; 3202 3203 return 0; 3204} 3205 3206static int user_write(void *vkey, void *datum, void *ptr) 3207{ 3208 char *key = vkey; 3209 struct user_datum *usrdatum = datum; 3210 struct policy_data *pd = ptr; 3211 struct policydb *p = pd->p; 3212 void *fp = pd->fp; 3213 __le32 buf[3]; 3214 size_t items, len; 3215 int rc; 3216 3217 len = strlen(key); 3218 items = 0; 3219 buf[items++] = cpu_to_le32(len); 3220 buf[items++] = cpu_to_le32(usrdatum->value); 3221 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 3222 buf[items++] = cpu_to_le32(usrdatum->bounds); 3223 BUG_ON(items > ARRAY_SIZE(buf)); 3224 rc = put_entry(buf, sizeof(u32), items, fp); 3225 if (rc) 3226 return rc; 3227 3228 rc = put_entry(key, 1, len, fp); 3229 if (rc) 3230 return rc; 3231 3232 rc = ebitmap_write(&usrdatum->roles, fp); 3233 if (rc) 3234 return rc; 3235 3236 rc = mls_write_range_helper(&usrdatum->range, fp); 3237 if (rc) 3238 return rc; 3239 3240 rc = mls_write_level(&usrdatum->dfltlevel, fp); 3241 if (rc) 3242 return rc; 3243 3244 return 0; 3245} 3246 3247static int (*write_f[SYM_NUM]) (void *key, void *datum, 3248 void *datap) = 3249{ 3250 common_write, 3251 class_write, 3252 role_write, 3253 type_write, 3254 user_write, 3255 cond_write_bool, 3256 sens_write, 3257 cat_write, 3258}; 3259 3260static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, 3261 void *fp) 3262{ 3263 unsigned int i, j, rc; 3264 size_t nel, len; 3265 __be64 prefixbuf[1]; 3266 __le32 buf[3]; 3267 u32 nodebuf[8]; 3268 struct ocontext *c; 3269 for (i = 0; i < info->ocon_num; i++) { 3270 nel = 0; 3271 for (c = p->ocontexts[i]; c; c = c->next) 3272 nel++; 3273 buf[0] = cpu_to_le32(nel); 3274 rc = put_entry(buf, sizeof(u32), 1, fp); 3275 if (rc) 3276 return rc; 3277 for (c = p->ocontexts[i]; c; c = c->next) { 3278 switch (i) { 3279 case OCON_ISID: 3280 buf[0] = cpu_to_le32(c->sid[0]); 3281 rc = put_entry(buf, sizeof(u32), 1, fp); 3282 if (rc) 3283 return rc; 3284 rc = context_write(p, &c->context[0], fp); 3285 if (rc) 3286 return rc; 3287 break; 3288 case OCON_FS: 3289 case OCON_NETIF: 3290 len = strlen(c->u.name); 3291 buf[0] = cpu_to_le32(len); 3292 rc = put_entry(buf, sizeof(u32), 1, fp); 3293 if (rc) 3294 return rc; 3295 rc = put_entry(c->u.name, 1, len, fp); 3296 if (rc) 3297 return rc; 3298 rc = context_write(p, &c->context[0], fp); 3299 if (rc) 3300 return rc; 3301 rc = context_write(p, &c->context[1], fp); 3302 if (rc) 3303 return rc; 3304 break; 3305 case OCON_PORT: 3306 buf[0] = cpu_to_le32(c->u.port.protocol); 3307 buf[1] = cpu_to_le32(c->u.port.low_port); 3308 buf[2] = cpu_to_le32(c->u.port.high_port); 3309 rc = put_entry(buf, sizeof(u32), 3, fp); 3310 if (rc) 3311 return rc; 3312 rc = context_write(p, &c->context[0], fp); 3313 if (rc) 3314 return rc; 3315 break; 3316 case OCON_NODE: 3317 nodebuf[0] = c->u.node.addr; /* network order */ 3318 nodebuf[1] = c->u.node.mask; /* network order */ 3319 rc = put_entry(nodebuf, sizeof(u32), 2, fp); 3320 if (rc) 3321 return rc; 3322 rc = context_write(p, &c->context[0], fp); 3323 if (rc) 3324 return rc; 3325 break; 3326 case OCON_FSUSE: 3327 buf[0] = cpu_to_le32(c->v.behavior); 3328 len = strlen(c->u.name); 3329 buf[1] = cpu_to_le32(len); 3330 rc = put_entry(buf, sizeof(u32), 2, fp); 3331 if (rc) 3332 return rc; 3333 rc = put_entry(c->u.name, 1, len, fp); 3334 if (rc) 3335 return rc; 3336 rc = context_write(p, &c->context[0], fp); 3337 if (rc) 3338 return rc; 3339 break; 3340 case OCON_NODE6: 3341 for (j = 0; j < 4; j++) 3342 nodebuf[j] = c->u.node6.addr[j]; /* network order */ 3343 for (j = 0; j < 4; j++) 3344 nodebuf[j + 4] = c->u.node6.mask[j]; /* network order */ 3345 rc = put_entry(nodebuf, sizeof(u32), 8, fp); 3346 if (rc) 3347 return rc; 3348 rc = context_write(p, &c->context[0], fp); 3349 if (rc) 3350 return rc; 3351 break; 3352 case OCON_IBPKEY: 3353 /* subnet_prefix is in CPU order */ 3354 prefixbuf[0] = cpu_to_be64(c->u.ibpkey.subnet_prefix); 3355 3356 rc = put_entry(prefixbuf, sizeof(u64), 1, fp); 3357 if (rc) 3358 return rc; 3359 3360 buf[0] = cpu_to_le32(c->u.ibpkey.low_pkey); 3361 buf[1] = cpu_to_le32(c->u.ibpkey.high_pkey); 3362 3363 rc = put_entry(buf, sizeof(u32), 2, fp); 3364 if (rc) 3365 return rc; 3366 rc = context_write(p, &c->context[0], fp); 3367 if (rc) 3368 return rc; 3369 break; 3370 case OCON_IBENDPORT: 3371 len = strlen(c->u.ibendport.dev_name); 3372 buf[0] = cpu_to_le32(len); 3373 buf[1] = cpu_to_le32(c->u.ibendport.port); 3374 rc = put_entry(buf, sizeof(u32), 2, fp); 3375 if (rc) 3376 return rc; 3377 rc = put_entry(c->u.ibendport.dev_name, 1, len, fp); 3378 if (rc) 3379 return rc; 3380 rc = context_write(p, &c->context[0], fp); 3381 if (rc) 3382 return rc; 3383 break; 3384 } 3385 } 3386 } 3387 return 0; 3388} 3389 3390static int genfs_write(struct policydb *p, void *fp) 3391{ 3392 struct genfs *genfs; 3393 struct ocontext *c; 3394 size_t len; 3395 __le32 buf[1]; 3396 int rc; 3397 3398 len = 0; 3399 for (genfs = p->genfs; genfs; genfs = genfs->next) 3400 len++; 3401 buf[0] = cpu_to_le32(len); 3402 rc = put_entry(buf, sizeof(u32), 1, fp); 3403 if (rc) 3404 return rc; 3405 for (genfs = p->genfs; genfs; genfs = genfs->next) { 3406 len = strlen(genfs->fstype); 3407 buf[0] = cpu_to_le32(len); 3408 rc = put_entry(buf, sizeof(u32), 1, fp); 3409 if (rc) 3410 return rc; 3411 rc = put_entry(genfs->fstype, 1, len, fp); 3412 if (rc) 3413 return rc; 3414 len = 0; 3415 for (c = genfs->head; c; c = c->next) 3416 len++; 3417 buf[0] = cpu_to_le32(len); 3418 rc = put_entry(buf, sizeof(u32), 1, fp); 3419 if (rc) 3420 return rc; 3421 for (c = genfs->head; c; c = c->next) { 3422 len = strlen(c->u.name); 3423 buf[0] = cpu_to_le32(len); 3424 rc = put_entry(buf, sizeof(u32), 1, fp); 3425 if (rc) 3426 return rc; 3427 rc = put_entry(c->u.name, 1, len, fp); 3428 if (rc) 3429 return rc; 3430 buf[0] = cpu_to_le32(c->v.sclass); 3431 rc = put_entry(buf, sizeof(u32), 1, fp); 3432 if (rc) 3433 return rc; 3434 rc = context_write(p, &c->context[0], fp); 3435 if (rc) 3436 return rc; 3437 } 3438 } 3439 return 0; 3440} 3441 3442static int range_write_helper(void *key, void *data, void *ptr) 3443{ 3444 __le32 buf[2]; 3445 struct range_trans *rt = key; 3446 struct mls_range *r = data; 3447 struct policy_data *pd = ptr; 3448 void *fp = pd->fp; 3449 struct policydb *p = pd->p; 3450 int rc; 3451 3452 buf[0] = cpu_to_le32(rt->source_type); 3453 buf[1] = cpu_to_le32(rt->target_type); 3454 rc = put_entry(buf, sizeof(u32), 2, fp); 3455 if (rc) 3456 return rc; 3457 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 3458 buf[0] = cpu_to_le32(rt->target_class); 3459 rc = put_entry(buf, sizeof(u32), 1, fp); 3460 if (rc) 3461 return rc; 3462 } 3463 rc = mls_write_range_helper(r, fp); 3464 if (rc) 3465 return rc; 3466 3467 return 0; 3468} 3469 3470static int range_write(struct policydb *p, void *fp) 3471{ 3472 __le32 buf[1]; 3473 int rc; 3474 struct policy_data pd; 3475 3476 pd.p = p; 3477 pd.fp = fp; 3478 3479 buf[0] = cpu_to_le32(p->range_tr.nel); 3480 rc = put_entry(buf, sizeof(u32), 1, fp); 3481 if (rc) 3482 return rc; 3483 3484 /* actually write all of the entries */ 3485 rc = hashtab_map(&p->range_tr, range_write_helper, &pd); 3486 if (rc) 3487 return rc; 3488 3489 return 0; 3490} 3491 3492static int filename_write_helper_compat(void *key, void *data, void *ptr) 3493{ 3494 struct filename_trans_key *ft = key; 3495 struct filename_trans_datum *datum = data; 3496 struct ebitmap_node *node; 3497 void *fp = ptr; 3498 __le32 buf[4]; 3499 int rc; 3500 u32 bit, len = strlen(ft->name); 3501 3502 do { 3503 ebitmap_for_each_positive_bit(&datum->stypes, node, bit) { 3504 buf[0] = cpu_to_le32(len); 3505 rc = put_entry(buf, sizeof(u32), 1, fp); 3506 if (rc) 3507 return rc; 3508 3509 rc = put_entry(ft->name, sizeof(char), len, fp); 3510 if (rc) 3511 return rc; 3512 3513 buf[0] = cpu_to_le32(bit + 1); 3514 buf[1] = cpu_to_le32(ft->ttype); 3515 buf[2] = cpu_to_le32(ft->tclass); 3516 buf[3] = cpu_to_le32(datum->otype); 3517 3518 rc = put_entry(buf, sizeof(u32), 4, fp); 3519 if (rc) 3520 return rc; 3521 } 3522 3523 datum = datum->next; 3524 } while (unlikely(datum)); 3525 3526 return 0; 3527} 3528 3529static int filename_write_helper(void *key, void *data, void *ptr) 3530{ 3531 struct filename_trans_key *ft = key; 3532 struct filename_trans_datum *datum; 3533 void *fp = ptr; 3534 __le32 buf[3]; 3535 int rc; 3536 u32 ndatum, len = strlen(ft->name); 3537 3538 buf[0] = cpu_to_le32(len); 3539 rc = put_entry(buf, sizeof(u32), 1, fp); 3540 if (rc) 3541 return rc; 3542 3543 rc = put_entry(ft->name, sizeof(char), len, fp); 3544 if (rc) 3545 return rc; 3546 3547 ndatum = 0; 3548 datum = data; 3549 do { 3550 ndatum++; 3551 datum = datum->next; 3552 } while (unlikely(datum)); 3553 3554 buf[0] = cpu_to_le32(ft->ttype); 3555 buf[1] = cpu_to_le32(ft->tclass); 3556 buf[2] = cpu_to_le32(ndatum); 3557 rc = put_entry(buf, sizeof(u32), 3, fp); 3558 if (rc) 3559 return rc; 3560 3561 datum = data; 3562 do { 3563 rc = ebitmap_write(&datum->stypes, fp); 3564 if (rc) 3565 return rc; 3566 3567 buf[0] = cpu_to_le32(datum->otype); 3568 rc = put_entry(buf, sizeof(u32), 1, fp); 3569 if (rc) 3570 return rc; 3571 3572 datum = datum->next; 3573 } while (unlikely(datum)); 3574 3575 return 0; 3576} 3577 3578static int filename_trans_write(struct policydb *p, void *fp) 3579{ 3580 __le32 buf[1]; 3581 int rc; 3582 3583 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 3584 return 0; 3585 3586 if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) { 3587 buf[0] = cpu_to_le32(p->compat_filename_trans_count); 3588 rc = put_entry(buf, sizeof(u32), 1, fp); 3589 if (rc) 3590 return rc; 3591 3592 rc = hashtab_map(&p->filename_trans, 3593 filename_write_helper_compat, fp); 3594 } else { 3595 buf[0] = cpu_to_le32(p->filename_trans.nel); 3596 rc = put_entry(buf, sizeof(u32), 1, fp); 3597 if (rc) 3598 return rc; 3599 3600 rc = hashtab_map(&p->filename_trans, filename_write_helper, fp); 3601 } 3602 return rc; 3603} 3604 3605/* 3606 * Write the configuration data in a policy database 3607 * structure to a policy database binary representation 3608 * file. 3609 */ 3610int policydb_write(struct policydb *p, void *fp) 3611{ 3612 unsigned int i, num_syms; 3613 int rc; 3614 __le32 buf[4]; 3615 u32 config; 3616 size_t len; 3617 struct policydb_compat_info *info; 3618 3619 /* 3620 * refuse to write policy older than compressed avtab 3621 * to simplify the writer. There are other tests dropped 3622 * since we assume this throughout the writer code. Be 3623 * careful if you ever try to remove this restriction 3624 */ 3625 if (p->policyvers < POLICYDB_VERSION_AVTAB) { 3626 pr_err("SELinux: refusing to write policy version %d." 3627 " Because it is less than version %d\n", p->policyvers, 3628 POLICYDB_VERSION_AVTAB); 3629 return -EINVAL; 3630 } 3631 3632 config = 0; 3633 if (p->mls_enabled) 3634 config |= POLICYDB_CONFIG_MLS; 3635 3636 if (p->reject_unknown) 3637 config |= REJECT_UNKNOWN; 3638 if (p->allow_unknown) 3639 config |= ALLOW_UNKNOWN; 3640 3641 /* Write the magic number and string identifiers. */ 3642 buf[0] = cpu_to_le32(POLICYDB_MAGIC); 3643 len = strlen(POLICYDB_STRING); 3644 buf[1] = cpu_to_le32(len); 3645 rc = put_entry(buf, sizeof(u32), 2, fp); 3646 if (rc) 3647 return rc; 3648 rc = put_entry(POLICYDB_STRING, 1, len, fp); 3649 if (rc) 3650 return rc; 3651 3652 /* Write the version, config, and table sizes. */ 3653 info = policydb_lookup_compat(p->policyvers); 3654 if (!info) { 3655 pr_err("SELinux: compatibility lookup failed for policy " 3656 "version %d", p->policyvers); 3657 return -EINVAL; 3658 } 3659 3660 buf[0] = cpu_to_le32(p->policyvers); 3661 buf[1] = cpu_to_le32(config); 3662 buf[2] = cpu_to_le32(info->sym_num); 3663 buf[3] = cpu_to_le32(info->ocon_num); 3664 3665 rc = put_entry(buf, sizeof(u32), 4, fp); 3666 if (rc) 3667 return rc; 3668 3669 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 3670 rc = ebitmap_write(&p->policycaps, fp); 3671 if (rc) 3672 return rc; 3673 } 3674 3675 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 3676 rc = ebitmap_write(&p->permissive_map, fp); 3677 if (rc) 3678 return rc; 3679 } 3680 3681 num_syms = info->sym_num; 3682 for (i = 0; i < num_syms; i++) { 3683 struct policy_data pd; 3684 3685 pd.fp = fp; 3686 pd.p = p; 3687 3688 buf[0] = cpu_to_le32(p->symtab[i].nprim); 3689 buf[1] = cpu_to_le32(p->symtab[i].table.nel); 3690 3691 rc = put_entry(buf, sizeof(u32), 2, fp); 3692 if (rc) 3693 return rc; 3694 rc = hashtab_map(&p->symtab[i].table, write_f[i], &pd); 3695 if (rc) 3696 return rc; 3697 } 3698 3699 rc = avtab_write(p, &p->te_avtab, fp); 3700 if (rc) 3701 return rc; 3702 3703 rc = cond_write_list(p, fp); 3704 if (rc) 3705 return rc; 3706 3707 rc = role_trans_write(p, fp); 3708 if (rc) 3709 return rc; 3710 3711 rc = role_allow_write(p->role_allow, fp); 3712 if (rc) 3713 return rc; 3714 3715 rc = filename_trans_write(p, fp); 3716 if (rc) 3717 return rc; 3718 3719 rc = ocontext_write(p, info, fp); 3720 if (rc) 3721 return rc; 3722 3723 rc = genfs_write(p, fp); 3724 if (rc) 3725 return rc; 3726 3727 rc = range_write(p, fp); 3728 if (rc) 3729 return rc; 3730 3731 for (i = 0; i < p->p_types.nprim; i++) { 3732 struct ebitmap *e = &p->type_attr_map_array[i]; 3733 3734 rc = ebitmap_write(e, fp); 3735 if (rc) 3736 return rc; 3737 } 3738 3739 return 0; 3740} 3741